[Bug 2057679] Re: systemd-stub fails to boot when loaded via peimage

Launchpad Bug Tracker 2057679 at bugs.launchpad.net
Sun Apr 7 03:20:10 UTC 2024 

This bug was fixed in the package grub2-unsigned - 2.12-1ubuntu7

---------------
grub2-unsigned (2.12-1ubuntu7) noble; urgency=medium

  * d/p/grub-sort-version.patch: Also patch grub-mkconfig to export GRUB_FLAVOUR_ORDER
  * d/grub-sort-version: Update regex to correctly match kernel flavour
  * d/grub-sort-version: Append `-0` to abi strings before passing to python-apt (Fixes LP: #2041827)
  * debian/: Add tests for grub-sort-version
  * Revert peimage to re-use GRUB's image handle (LP: #2057679) (LP: #2054127)
  * Increase SBAT level to "grub.ubuntu,2" and "grub.peimage,2"
  * d/build-efi-images: Make sure downstream didn't remove peimage SBAT entry
  * SECURITY UPDATE: Use-after-free in peimage module [LP: #2054127]
    - CVE-2024-2312
  * Source package generated from src:grub2 using make -f ./debian/rules
    generate-grub2-unsigned

 -- Mate Kukri <mate.kukri at canonical.com>  Thu, 04 Apr 2024 11:12:35
+0100

** Changed in: grub2-unsigned (Ubuntu Noble)
       Status: New => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-2312

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2-unsigned in Ubuntu.
https://bugs.launchpad.net/bugs/2057679

Title:
  systemd-stub fails to boot when loaded via peimage

Status in grub2-unsigned package in Ubuntu:
  Fix Released
Status in grub2-unsigned source package in Mantic:
  New
Status in grub2-unsigned source package in Noble:
  Fix Released

Bug description:
  systemd-stub fails to boot when loaded via peimage.

  This is because peimage internally allocates an ImageHandle for images
  it starts and loads. systemd-stub  will then pass its own ImageHandle
  as ParentImageHandle to the firmware's LoadImage() function to load
  and start the embedded Linux kernel.

  The UEFI spec doesn't elaborate on this being allowed or not, but it
  seems like edk2 based firmwares try to locate private data attached to
  such a ParentImageHandle, then assert.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/2057679/+subscriptions

More information about the foundations-bugs mailing list