[Bug 2039172] Re: grub 2.12~rc1 fails to load files from large directories on XFS

Launchpad Bug Tracker 2039172 at bugs.launchpad.net
Tue Nov 14 15:15:13 UTC 2023


This bug was fixed in the package grub2 - 2.12~rc1-12ubuntu2

---------------
grub2 (2.12~rc1-12ubuntu2) noble; urgency=medium

  * Merge from Debian unstable; remaining changes:
    - Add Ubuntu sbat data
    - build-efi-images: do not produce -installer.efi.signed. LP: 1863994
    - grub-common: Install canonical-uefi-ca.crt
    - Check signatures
    - Support installing to multiple ESP (LP: 1871821)
    - Disable various bits on i386
    - Split out unsigned artefacts into grub2-unsigned
    - Vcs-Git: Point to ubuntu packaging branch
    - Relax dependencies on grub-common and grub2-common
    - grub-pc: Avoid the possibility of breaking grub on SRU update due
      to ABI change
    - UBUNTU: Default timeout changes
    - Revert "Add jfs module to signed UEFI images. Closes: #950959"
    - Revert "Add f2fs module to signed UEFI images"
    - Install grub-initrd-fallback.service again
    - Build using -O1 on s390x to avoid misoptimization
    - grub-check-signatures: Support gzip compressed kernels (LP: #1954683)
    - grub-multi-install: Reset partition type between partitions (LP: #1997795)
    - Drop i386 from grub-efi-amd64* (LP: #2020907)
    - Turn depends on grub-efi-amd64/arm64 unversioned
    - forward port fix for LP: #1926748
    - Make the grub2/no_efi_extra_removable setting work correctly
    - Forward port the fix for LP: #1930742 and make it conditional (xenial/bionic only)
    - Build grub2-unsigned packages with xz compression
    - Revert: "Have -bin packages Break pre-2.12 -signed packages.", this is not
      compatible with our versioning schemes.
    - Install a /usr/lib/grub/grub-sort-version and use that to sort versions as
      it respects GRUB_FLAVOUR_ORDER. Depend on python3 to do so.
    - rules: Add DPKG_BUILDPACKAGE_OPTIONS to generate-grub2-unsigned
    - Replaced patches:
      - installe-signed.patched
      - grub-install-extra-removable.patch
      - grub-install-removable-shim.patch
    - Added patches:
      + rhboot-f34-dont-use-int-for-efi-status.patch
      + rhboot-f34-make-exit-take-a-return-code.patch
      + suse-grub.texi-add-net_bootp6-document.patch
      + ubuntu-add-devicetree-command-support.patch
      + ubuntu-add-initrd-less-boot-fallback.patch
      + ubuntu-add-initrd-less-boot-messages.patch
      + ubuntu-boot-from-multipath-dependent-symlink.patch
      + ubuntu-dont-verify-loopback-images.patch
      + ubuntu-fix-lzma-decompressor-objcopy.patch
      + ubuntu-grub-install-extra-removable.patch
      + ubuntu-install-signed.patch
      + ubuntu-mkconfig-leave-breadcrumbs.patch
      + ubuntu-os-prober-auto.patch
      + ubuntu-recovery-dis_ucode_ldr.patch
      + ubuntu-resilient-boot-boot-order.patch
      + ubuntu-resilient-boot-ignore-alternative-esps.patch
      + ubuntu-shorter-version-info.patch
      + ubuntu-speed-zsys-history.patch
      + ubuntu-support-initrd-less-boot.patch
      + ubuntu-verifiers-last.patch
      + ubuntu-zfs-enhance-support.patch
      + ubuntu-zfs-gfxpayload-dynamic.patch
      + ubuntu-zfs-gfxpayload-keep-default.patch
      + ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch
      + ubuntu-zfs-mkconfig-recovery-title.patch
      + ubuntu-zfs-mkconfig-signed-kernel.patch
      + ubuntu-zfs-mkconfig-ubuntu-distributor.patch
      + ubuntu-zfs-mkconfig-ubuntu-recovery.patch
      + ubuntu-zfs-vt-handoff.patch
  * Removed luks2 from signed EFI binaries (LP: #2043101)

grub2 (2.12~rc1-12) unstable; urgency=medium

  [ Mate Kukri ]
  * Port UEFI based network stack to 2.12 (LP: #2039081)
  * efi: Correct image unloading behavior
  * Prevent the incorrect use of `UnloadImage()` by binaries loaded by peimage
  * efinet: HTTP_MESSAGE fix field size (LP: #2043084)

  [ Abe Wieland ]
  * Maintain administrator value for os-prober

  [ Julian Andres Klode ]
  * Cherry-pick upstream XFS directory extent parsing fixes (Closes: #1051543)
    (LP: #2039172)

grub2 (2.12~rc1-11) unstable; urgency=medium

  [ Mate Kukri ]
  * SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
    and may leak sensitive information into the GRUB pager.
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-
      label.patch:
      fs/ntfs: Fix an OOB read when parsing a volume label
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-
      index-at.patch:
      fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-
      entries-fr.patch:
      fs/ntfs: Fix an OOB read when parsing directory entries from resident and
      non-resident index attributes
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-
      reside.patch:
      fs/ntfs: Fix an OOB read when reading data from the resident $DATA +
      attribute
    - CVE-2023-4693
  * SECURITY UPDATE: Crafted file system images can cause heap-based buffer
    overflow and may allow arbitrary code execution and secure boot bypass.
    - d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-
      ATTRIBUTE_LIST-.patch:
      fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
      the $MFT file
    - d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch
      fs/ntfs: Make code more readable
    - CVE-2023-4692
  * efi: Cleanup peimage.c

  [ Julian Andres Klode ]
  * Bump SBAT to grub,4

 -- Mate Kukri <mate.kukri at canonical.com>  Thu, 09 Nov 2023 16:16:56 +0200

** Changed in: grub2 (Ubuntu Noble)
       Status: Triaged => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-4692

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-4693

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/2039172

Title:
  grub 2.12~rc1 fails to load files from large directories on XFS

Status in grub2 package in Ubuntu:
  Fix Released
Status in ubuntu-release-upgrader package in Ubuntu:
  Triaged
Status in grub2 source package in Mantic:
  New
Status in ubuntu-release-upgrader source package in Mantic:
  Fix Committed
Status in grub2 source package in Noble:
  Fix Released
Status in ubuntu-release-upgrader source package in Noble:
  Triaged
Status in grub2 package in Debian:
  Fix Released

Bug description:
  [Impact]
  Multi-extent directories are not parsed correctly by grub's XFS code in 2.12~rc1, preventing it from loading files from directories with too many entries, such as the grub module directory.

  This should only affect BIOS systems as they need to load the core
  grub modules from the module directory, whereas UEFI systems have them
  embedded in the ESP EFI image.

  [Test plan]

  On BIOS systems with XFS /boot, or XFS / and no separate boot
  partition, the upgrade should be prevented early on with a message
  linking to this bug report.

  We should also test upgrades on "normal"/unaffected systems to make
  sure it is not unnecessarily prevented.

  [Where problems could occur]
  The two risks here are (1) missing a case where we should block upgrade, and (2) preventing an upgrade in a case where we should not. The unit tests included in the patch attempt to mitigate this risk.

  Any issues would probably come from logic errors in the code that
  parses /proc/mounts.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2039172/+subscriptions
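
The upgrade-blocking check described in the test plan above, sketched as an added example; it is not the ubuntu-release-upgrader patch or any code from the bug report. The function names and the sample mount tables are constructed for illustration, and the presence of /sys/firmware/efi is assumed to be the indicator of a UEFI boot.

```python
import os
import re

# Constructed /proc/mounts samples (not taken from the bug report).
XFS_ROOT_NO_BOOT = "/dev/sda1 / xfs rw,relatime 0 0\nproc /proc proc rw 0 0\n"
XFS_ROOT_EXT4_BOOT = "/dev/sda2 / xfs rw 0 0\n/dev/sda1 /boot ext4 rw 0 0\n"
EXT4_ROOT_XFS_BOOT = ("/dev/sda2 / ext4 rw 0 0\n/dev/sda1 /boot xfs rw 0 0\n"
                      "/dev/sda3 /boot/efi vfat rw 0 0\n")


def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def fs_type_for(path, mounts_text):
    """Return the fstype of the mount holding `path`: the deepest mount
    point that is a parent of it. For equal mount points the later line
    wins, because a later mount shadows an earlier one."""
    best_len, best_type = -1, None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines instead of failing the upgrade
        mount_point, fstype = _unescape(fields[1]), fields[2]
        # Compare with a trailing slash so /bootstrap or /boot/efi never
        # count as a parent of /boot.
        prefix = mount_point.rstrip("/") + "/"
        if (path + "/").startswith(prefix) and len(prefix) >= best_len:
            best_len, best_type = len(prefix), fstype
    return best_type


def should_block_upgrade(mounts_text, is_efi):
    """Block only when booting via BIOS and /boot lives on XFS."""
    if is_efi:
        return False  # UEFI: modules are embedded in the EFI image
    return fs_type_for("/boot", mounts_text) == "xfs"


if __name__ == "__main__":
    with open("/proc/mounts") as f:
        live = f.read()
    efi = os.path.isdir("/sys/firmware/efi")  # assumption: marks a UEFI boot
    print("block upgrade:", should_block_upgrade(live, efi))
```

The three samples cover the two cases the test plan names (XFS /boot, and XFS / with no separate boot partition) plus an unaffected layout where a separate non-XFS /boot sits on top of an XFS root.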



