[Bug 2028931] Re: device tree protocol not always applied
Launchpad Bug Tracker
2028931 at bugs.launchpad.net
Wed Oct 4 03:18:18 UTC 2023
This bug was fixed in the package grub2-unsigned - 2.06-2ubuntu17.2
---------------
grub2-unsigned (2.06-2ubuntu17.2) lunar; urgency=high
* SECURITY UPDATE: Crafted file system images can cause out-of-bounds write
and may leak sensitive information into the GRUB pager.
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-a-volume-label.patch:
fs/ntfs: Fix an OOB read when parsing a volume label
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-bs-for-index-at.patch:
fs/ntfs: Fix an OOB read when parsing bitmaps for index attributes
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-parsing-dory-entries-fr.patch:
fs/ntfs: Fix an OOB read when parsing directory entries from resident and
non-resident index attributes
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-read-when-reading-data-fhe-reside.patch:
fs/ntfs: Fix an OOB read when reading data from the resident $DATA
attribute
- CVE-2023-4693
* SECURITY UPDATE: Crafted file system images can cause heap-based buffer
overflow and may allow arbitrary code execution and secure boot bypass.
- d/patches/ntfs-cve-fixes/fs-ntfs-Fix-an-OOB-write-when-parsing-the-ATTRIBUTE_LIST-.patch:
fs/ntfs: Fix an OOB write when parsing the $ATTRIBUTE_LIST attribute for
the $MFT file
- d/patches/ntfs-cve-fixes/fs-ntfs-Make-code-more-readable.patch
fs/ntfs: Make code more readable
- CVE-2023-4692
* efi/fdt: Apply device tree fixups directly after loading
- add debian/patches/fdt-fixup-after-load.patch
- LP: #2028931
* Source package generated from src:grub2 using make -f ./debian/rules
generate-grub2-unsigned
-- Mate Kukri <mate.kukri at canonical.com> Mon, 02 Oct 2023 15:25:43 +0100
** Changed in: grub2-unsigned (Ubuntu Lunar)
Status: Triaged => Fix Released
https://bugs.launchpad.net/bugs/2028931
Title:
device tree protocol not always applied
Status in grub2-unsigned package in Ubuntu:
Fix Released
Status in grub2 source package in Focal:
Won't Fix
Status in grub2-unsigned source package in Focal:
Fix Released
Status in grub2 source package in Jammy:
Won't Fix
Status in grub2-unsigned source package in Jammy:
Fix Released
Status in grub2 source package in Lunar:
Won't Fix
Status in grub2-unsigned source package in Lunar:
Fix Released
Status in grub2 source package in Mantic:
Fix Released
Status in grub2-unsigned source package in Mantic:
Fix Released
Bug description:
[Impact]
device tree fixups are not applied when grub_fdt_load() has been called before, as that copies the device tree + extra space into a new fdt variable.
For example, when a pre-LoadFile2 kernel is being loaded, grub passes
the initrd via device tree and needs to modify it, for which it calls
the function. On pre-2.12 loaders, this happens for every kernel on
arm64 as we do not support LoadFile2 there.
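As an added illustration (not GRUB's code and not part of the bug report), the C model below reproduces the ordering problem described above: a load step copies the firmware-provided device tree plus extra space into a new buffer, so fixups applied afterwards to the original buffer never reach the copy the kernel is booted with, while fixups applied directly after loading do. The names fdt_load, fdt_apply_fixups and fdt_set_initrd and the struct layout are assumptions standing in for grub_fdt_load(), the firmware's device tree fixup protocol and the initrd property writes; a real flattened device tree is a serialized blob, not this struct.

```c
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/*
 * Toy stand-in for a flattened device tree (assumption, not GRUB's type):
 * only the two pieces of state the boot path cares about are modelled.
 */
struct fdt {
    size_t size;          /* total bytes, including spare room for edits */
    bool fixups_applied;  /* stands in for the edits the fixup protocol makes */
    bool initrd_set;      /* stands in for the /chosen initrd properties */
};

/* The tree as handed over by firmware (constructed sample). */
static struct fdt *firmware_tree_new(void)
{
    struct fdt *t = calloc(1, sizeof *t);
    if (t)
        t->size = 4096;
    return t;
}

/* Models grub_fdt_load(): copies the tree plus extra space into a NEW buffer. */
static struct fdt *fdt_load(const struct fdt *src, size_t extra)
{
    struct fdt *copy = malloc(sizeof *copy);
    if (!copy)
        return NULL;
    memcpy(copy, src, sizeof *copy);
    copy->size = src->size + extra;  /* the spare room is why a copy exists */
    return copy;
}

/* Models the firmware's device tree fixup protocol: edits the tree it is given. */
static void fdt_apply_fixups(struct fdt *t)
{
    t->fixups_applied = true;
}

/* Models the pre-LoadFile2 initrd path, which needs the spare room in the copy. */
static void fdt_set_initrd(struct fdt *t)
{
    t->initrd_set = true;
}

/*
 * Pre-fix ordering: the initrd path has already loaded (copied) the tree,
 * the fixups later land on the firmware buffer, and the kernel gets the copy.
 * Returns whether the kernel-visible tree carries both the fixups and initrd.
 */
bool kernel_gets_fixups_before_fix(void)
{
    struct fdt *fw = firmware_tree_new();
    if (!fw)
        return false;
    struct fdt *loaded = fdt_load(fw, 1024);
    if (!loaded) {
        free(fw);
        return false;
    }
    fdt_set_initrd(loaded);
    fdt_apply_fixups(fw);            /* wrong buffer: 'loaded' never sees this */
    bool ok = loaded->fixups_applied && loaded->initrd_set;
    free(loaded);
    free(fw);
    return ok;                       /* false: fixups were lost */
}

/*
 * Post-fix ordering: fixups run directly after loading, on the same copy that
 * every later edit and the kernel use.
 */
bool kernel_gets_fixups_after_fix(void)
{
    struct fdt *fw = firmware_tree_new();
    if (!fw)
        return false;
    struct fdt *loaded = fdt_load(fw, 1024);
    if (!loaded) {
        free(fw);
        return false;
    }
    fdt_apply_fixups(loaded);        /* right buffer */
    fdt_set_initrd(loaded);
    bool ok = loaded->fixups_applied && loaded->initrd_set;
    free(loaded);
    free(fw);
    return ok;                       /* true */
}
```

The two functions differ only in which buffer receives the fixups; the check to carry over to a real loader is that the pointer handed to the fixup protocol is the same one that later edits and the kernel receive.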
[Test plan]
Isaac has run the test to make sure the change works and Mate has verified that it doesn't regress qemu booting across a wide set of scenarios, but either way we'd not block update releases on this but would rather reset the tasks after.
[Where problems could occur]
We're moving the fixup of the device tree to directly after loading it, so that grub can make any modifications to set initrd for example (there are no others yet), later.
Device tree fixup suddenly working can of course cause regressions if
the fixups in u-boot are wrong.