[Bug 2088181] Re: route_table_size is parsed as number of entries but it should be bytes
Launchpad Bug Tracker
2088181 at bugs.launchpad.net
Mon Aug 18 12:11:06 UTC 2025
This bug was fixed in the package grub2 -
2.14~git20250718.0e36779-1ubuntu2
---------------
grub2 (2.14~git20250718.0e36779-1ubuntu2) questing; urgency=medium
* Fup grub-common -> grub2-common merger in Ubuntu specific delta
grub2 (2.14~git20250718.0e36779-1ubuntu1) questing; urgency=medium
* Merge from Debian experimental; remaining changes:
- Add Ubuntu sbat data
- build-efi-images: do not produce -installer.efi.signed. LP #1863994
- grub-common: Install canonical-uefi-ca.crt
- Check signatures
- Support installing to multiple ESP (LP #1871821)
- Split out unsigned artefacts into grub2-unsigned
- Vcs-Git: Point to ubuntu packaging branch
- Relax dependencies on grub-common and grub2-common
- UBUNTU: Do not link grub-efi-*-unsigned docs to grub-common
- UBUNTU: Default timeout changes
- UBUNTU: Replace grub-install-extra-removable
- UBUNTU: Revert "Add jfs module to signed UEFI images. Closes: #950959"
- UBUNTU: Revert "Add f2fs module to signed UEFI images"
- UBUNTU: Drop luks2
- Install grub-initrd-fallback.service again
- Build using -O1 on s390x to avoid misoptimization
- grub-check-signatures: Support gzip compressed kernels
- forward port fix for LP #1926748
- Forward port the fix for LP #1930742 and make it conditional (xenial/bionic only)
- Build grub2-unsigned packages with xz compression
- Drop i386 from grub-efi-amd64*
- Turn depends on grub-efi-amd64/arm64 unversioned
- Install grub-sort-version
- rules: Add DPKG_BUILDPACKAGE_OPTIONS to generate-grub2-unsigned
- d/postinst.in: Make empty "grub-pc/install_devices" non-fatal in "noninteractive" mode
- Add debconf options "grub-{efi,pc}/cloud_style_installation"
- grub-common.service: Add After/Requires=boot-complete.target (LP #1992643)
- d/postinst.in: Remove upgrade check for GRUB version we can no longer upgrade from
- Disable ELF metadata injection
- Provide pre-built BIOS and IEEE1275 El-Torito images (LP #2086841)
- Removed patches:
+ install-signed.patch with
+ grub-install-extra-removable.patch
+ grub-install-removable-shim.patch
- Added patches:
+ ubuntu-install-signed.patch
+ ubuntu-grub-install-extra-removable.patch
+ ubuntu-zfs-enhance-support.patch
+ ubuntu-zfs-mkconfig-ubuntu-recovery.patch
+ ubuntu-zfs-mkconfig-ubuntu-distributor.patch
+ ubuntu-zfs-mkconfig-signed-kernel.patch
+ ubuntu-zfs-gfxpayload-keep-default.patch
+ ubuntu-zfs-gfxpayload-dynamic.patch
+ ubuntu-zfs-vt-handoff.patch
+ ubuntu-zfs-mkconfig-recovery-title.patch
+ ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch
+ ubuntu-support-initrd-less-boot.patch
+ ubuntu-shorter-version-info.patch
+ ubuntu-add-initrd-less-boot-fallback.patch
+ ubuntu-mkconfig-leave-breadcrumbs.patch
+ ubuntu-fix-lzma-decompressor-objcopy.patch
+ ubuntu-add-devicetree-command-support.patch
+ ubuntu-boot-from-multipath-dependent-symlink.patch
+ ubuntu-resilient-boot-ignore-alternative-esps.patch
+ ubuntu-resilient-boot-boot-order.patch
+ ubuntu-speed-zsys-history.patch
+ ubuntu-dont-verify-loopback-images.patch
+ ubuntu-recovery-dis_ucode_ldr.patch
+ ubuntu-add-initrd-less-boot-messages.patch
+ rhboot-f34-make-exit-take-a-return-code.patch
+ rhboot-f34-dont-use-int-for-efi-status.patch
+ suse-grub.texi-add-net_bootp6-document.patch
+ ubuntu-verifiers-last.patch
+ ubuntu-os-prober-auto.patch
+ grub-sort-version.patch
+ Revert-kern-ieee1275-init-ppc64-Display-upper_mem_limit-w.patch
+ Revert-kern-ieee1275-init-ppc64-Fix-a-comment.patch
+ Revert-kern-ieee1275-ieee1275-Display-successful-memory-c.patch
+ Revert-loader-powerpc-ieee1275-Use-new-allocation-functio.patch
+ Revert-kern-ieee1275-cmain-ppc64-Introduce-flags-to-ident.patch
+ Revert-kern-ieee1275-init-ppc64-Rename-regions_claim-to-g.patch
+ Revert-kern-ieee1275-init-ppc64-Add-support-for-alignment.patch
+ Revert-kern-ieee1275-init-ppc64-Return-allocated-address-.patch
+ Revert-kern-ieee1275-init-ppc64-Decide-by-request-whether.patch
+ Revert-kern-ieee1275-init-ppc64-Introduce-a-request-for-r.patch
+ grub-install-efi-title.patch
* Add grub.ubuntu26,1 SBAT entry to indicate upcoming LTS
grub2 (2.14~git20250718.0e36779-1) experimental; urgency=medium
[ Mate Kukri ]
* Import git snapshot of upcoming GRUB 2.14 upstream release
* d/patches: rebase patches for 2.14 git snapshot
* d/rules: add erofs_test to XFAIL test
* peimage: add NX support, fix some bugs (LP: #2104316)
* Fix ipconfig2 route table parsing (LP: #2088181)
[ Luca Boccassi ]
* efi images: enable 'bli' module
[ Graham Inggs ]
* debian/control: mark qemu-system build-dependency <!nocheck>
[ Pascal Hambourg ]
* debian/grub.d/05_debian_theme: quote background image pathname in output
[ Mate Kukri ]
* Resolve zfs root identification (Closes: #848945)
* Check out missing distfiles from upstream git branch
* d/build-efi-images: Remove filesystems no longer allowed under lockdown
* debian: Remove references to dead ports kfreebsd-* and kopensolaris-*
* d/control: Sync dependencies of grub-efi-{riscv64,loong64} with grub-efi-*
* d/control: Clean up package relations
* debian: Tanglu is a dead distro, drop references to it
* debian: Get rid of non-systemd init scripts
* debian: Merge grub-common into grub2-common
* debian: Get rid of update-grub script for grub-legacy
* debian: Remove support for the yeeloong target
* Remove support for WUBI (Windows Based Ubuntu Installer)
* debian/patches: Drop a number of obsolete patches
* Add "noescape" argument to cmdline creation (LP: #2112179)
* d/control: Cleanup more package relations
* Remove IA64 support
* Remove old maintscripts
* d/postinst.in: remove grub legacy related functionality
* Add Provides grub-common to merged grub2-common
* Update Debian specific SBAT line to grub.debian14 for forky
grub2 (2.12-9) unstable; urgency=medium
* Apply patch by Ben Hutchings to not strip .exec or .image files
(Closes: #1072167)
grub2 (2.12-8) unstable; urgency=medium
[ Mate Kukri ]
* d/default/grub: Always get distributor string from `/etc/os-release`
* Avoid adding extra GNU/Linux suffix to menu entries (Closes: #1076723)
grub2 (2.12-7) unstable; urgency=medium
[ Mate Kukri ]
* Drop NTFS patches that seem to be causing regressions
(Closes: #1100486, #1100470)
grub2 (2.12-6) unstable; urgency=medium
[ Mate Kukri ]
* Fix out of bounds XSDT access, re-enable ACPI SPCR table support
[ Miroslav Kure ]
* Updated Czech translation of grub debconf messages. (Closes: #1035052)
[ Viktar Siarheichyk ]
* Updated Belarusian translation. (Closes: #1034905)
[ Carles Pina i Estany ]
* Update translation
[ Felix Zielcke ]
* Move d/legacy/* files to grub-legacy.
* Remove traces of ../legacy/ dir in d/rules.
[ Mate Kukri ]
* Cherry-pick upstream security patches
* Bump SBAT level to grub,5
* SECURITY UPDATE: video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG
- CVE-2024-45774
* SECURITY UPDATE: commands/extcmd: Missing check for failed allocation
- CVE-2024-45775
* SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write or read
- CVE-2024-45776
* SECURITY UPDATE: gettext: Integer overflow leads to heap OOB write
- CVE-2024-45777
* SECURITY UPDATE: fs/bfs: Integer overflow
- CVE-2024-45778
* SECURITY UPDATE: fs/bfs: integer overflow leads to heap OOB read
- CVE-2024-45779
* SECURITY UPDATE: fs/tar: Integer overflow leads to heap OOB write
- CVE-2024-45780
* SECURITY UPDATE: fs/ufs: `strcpy` use leading to heap OOB write
- CVE-2024-45781
* SECURITY UPDATE: fs/hfs: `strcpy` use leading to potential heap OOB write
- CVE-2024-45782
* SECURITY UPDATE: fs/hfsplus: incorrect refcount handling leading to UAF
- CVE-2024-45783
* SECURITY UPDATE: command/gpg: Use-after-free due to hooks not being removed on module unload
- CVE-2025-0622
* SECURITY UPDATE: net: Out-of-bounds write in grub_net_search_config_file()
- CVE-2025-0624
* SECURITY UPDATE: UFS: Integer overflow may lead to heap based out-of-bounds write when handling symlinks
- CVE-2025-0677
* SECURITY UPDATE: squash4: Integer overflow may lead to heap based out-of-bounds write when reading data
- CVE-2025-0678
* SECURITY UPDATE: reiserfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
- CVE-2025-0684
* SECURITY UODATE: jfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
- CVE-2025-0685
* SECURITY UPDATE: romfs: Integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
- CVE-2025-0686
* SECURITY UPDATE: udf: Heap based buffer overflow in grub_udf_read_block() may lead to arbitrary code execution
- CVE-2025-0689
* SECURITY UPDATE: read: Integer overflow may lead to out-of-bounds write
- CVE-2025-0690
* SECURITY UPDATE: commands/dump: The dump command is not in lockdown when secure boot is enabled
- CVE-2025-1118
* SECURITY UPDATE: fs/hfs: Integer overflow may lead to heap based out-of-bounds write
- CVE-2025-1125
* SECURITY UPDATE: insmod: incorrect refcount handling leading to UAF [LP: #2055835]
-- Mate Kukri <mate.kukri at canonical.com> Wed, 13 Aug 2025 14:57:58
+0100
** Changed in: grub2 (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2024-45774
** CVE added: https://cve.org/CVERecord?id=CVE-2024-45775
** CVE added: https://cve.org/CVERecord?id=CVE-2024-45776
** CVE added: https://cve.org/CVERecord?id=CVE-2024-45777
** CVE added: https://cve.org/CVERecord?id=CVE-2024-45778
** CVE added: https://cve.org/CVERecord?id=CVE-2024-45779
** CVE added: https://cve.org/CVERecord?id=CVE-2024-45780
** CVE added: https://cve.org/CVERecord?id=CVE-2024-45781
** CVE added: https://cve.org/CVERecord?id=CVE-2024-45782
** CVE added: https://cve.org/CVERecord?id=CVE-2024-45783
** CVE added: https://cve.org/CVERecord?id=CVE-2025-0622
** CVE added: https://cve.org/CVERecord?id=CVE-2025-0624
** CVE added: https://cve.org/CVERecord?id=CVE-2025-0677
** CVE added: https://cve.org/CVERecord?id=CVE-2025-0678
** CVE added: https://cve.org/CVERecord?id=CVE-2025-0684
** CVE added: https://cve.org/CVERecord?id=CVE-2025-0685
** CVE added: https://cve.org/CVERecord?id=CVE-2025-0686
** CVE added: https://cve.org/CVERecord?id=CVE-2025-0689
** CVE added: https://cve.org/CVERecord?id=CVE-2025-0690
** CVE added: https://cve.org/CVERecord?id=CVE-2025-1118
** CVE added: https://cve.org/CVERecord?id=CVE-2025-1125
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/2088181
Title:
route_table_size is parsed as number of entries but it should be bytes
Status in grub2 package in Ubuntu:
Fix Released
Bug description:
In https://git.launchpad.net/~ubuntu-uefi-
team/grub/+git/ubuntu/tree/debian/patches/network/support-uefi-
networking-protocols.patch the variable route_table_size is
interpreted as the number of entries of the route table, but the UEFI
spec demands for it to be parsed as the number of bytes in the route
table. This causes a crash in the command net_ls_routes.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/2088181/+subscriptions
More information about the foundations-bugs
mailing list