proxmox-mirrors/grub2
1
0
Fork 0
mirror of https://git.proxmox.com/git/grub2 synced 2025-11-02 20:58:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
c3037730d4
grub2/grub-core/commands
History
Javier Martinez Canillas c3037730d4 acpi: Don't register the acpi command when locked down 
The command is not allowed when lockdown is enforced. Otherwise an
attacker can instruct the GRUB to load an SSDT table to overwrite
the kernel lockdown configuration and later load and execute
unsigned code.

Fixes: CVE-2020-14372

Reported-by: Máté Kukri <km@mkukri.xyz>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

Patch-Name: 2021-02-security/006-acpi-Don-t-register-the-acpi-command-when-locked-down.patch
2021-02-27 14:45:58 +00:00
..
arc Remove nested functions from device iterators. 2013-01-20 15:52:15 +00:00
efi calloc: Use calloc() at most places 2020-07-24 22:42:16 +01:00
i386 efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list 2021-02-27 14:45:57 +00:00
ieee1275 * grub-core/commands/gptsync.c: Fix typographic quoting. 2012-03-03 13:05:08 +01:00
mips/loongson * grub-core/commands/i386/pc/drivemap.c: Add TRANSLATORS comments. 2012-03-02 15:09:10 +01:00
xen Correct some translatable strings. 2013-12-21 03:03:31 +01:00
acpi.c acpi: Don't register the acpi command when locked down 2021-02-27 14:45:58 +00:00
acpihalt.c acpihalt: add GRUB_ACPI_OPCODE_CREATE_DWORD_FIELD (0x8a) 2016-01-02 21:33:18 +03:00
blocklist.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
boot.c Add new ports: i386-xen and x86_64-xen. This allows running GRUB in 2013-11-09 21:29:11 +01:00
boottime.c Clarify several translatable messages. 2013-12-21 03:21:45 +01:00
cacheinfo.c cacheinfo: Add missing license information. 2015-03-20 11:13:58 +01:00
cat.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
cmp.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
configfile.c * grub-core/commands/configfile.c (GRUB_MOD_INIT): Correct 2012-10-12 15:34:33 +01:00
date.c * grub-core/commands/date.c (GRUB_MOD_INIT): Remove non-uniform 2012-03-03 13:09:14 +01:00
echo.c Implement automatic module license checking according to new GNU 2011-04-11 23:01:51 +02:00
eval.c * grub-core/script/execute.c (grub_script_execute_sourcecode): Split 2013-06-07 18:40:37 +02:00
extcmd.c kern: Add lockdown support 2021-02-27 14:43:55 +00:00
file32.c Implement grub_file tool and use it to implement generating of config 2013-12-17 14:39:48 +01:00
file64.c Implement grub_file tool and use it to implement generating of config 2013-12-17 14:39:48 +01:00
file.c RISC-V: Add to build system 2019-02-25 14:02:05 +01:00
fileXX.c commands/fileXX: Fix remaining memory leak. 2015-01-25 16:36:30 +03:00
gptsync.c gptsync: Add missing device_close. 2015-01-24 20:52:02 +01:00
halt.c Add noreturn attributes and remove unreachable code. 2011-12-13 15:13:51 +01:00
hashsum.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
hdparm.c i386, x86_64, ppc: fix switch fallthrough cases with GCC7 2017-04-04 19:23:55 +03:00
help.c * include/grub/list.h (FOR_LIST_ELEMENTS_SAFE): New macro. 2012-07-02 11:19:22 +02:00
hexdump.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
iorw.c efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list 2021-02-27 14:45:57 +00:00
keylayouts.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
keystatus.c Fix USB devices not being detected when requested 2013-03-19 20:35:21 +01:00
legacycfg.c malloc: Use overflow checking primitives where we do complex allocations 2020-07-24 22:42:22 +01:00
loadenv.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
ls.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
lsacpi.c * grub-core/commands/lsacpi.c: Fix types on 64-bit platform. 2013-02-06 17:37:29 +01:00
lsmmap.c Translate UEFI persistent memory type 2015-12-15 10:25:34 +03:00
lspci.c Remove nested functions from PCI iterators. 2013-01-13 01:10:41 +00:00
macbless.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
memrw.c efi: Use grub_is_lockdown() instead of hardcoding a disabled modules list 2021-02-27 14:45:57 +00:00
menuentry.c calloc: Use calloc() at most places 2020-07-24 22:42:16 +01:00
minicmd.c dl: Add support for persistent modules 2018-11-09 13:25:31 +01:00
nativedisk.c calloc: Use calloc() at most places 2020-07-24 22:42:16 +01:00
parttool.c calloc: Use calloc() at most places 2020-07-24 22:42:16 +01:00
password_pbkdf2.c password_pbkdf2: fix memory leak 2016-01-12 20:53:26 +03:00
password.c Improve gettext support. Stylistic fixes and error handling fixes while 2012-02-08 19:26:01 +01:00
pcidump.c Clarify several translatable messages. 2013-12-21 01:41:16 +01:00
pgp.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
probe.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
read.c Implement automatic module license checking according to new GNU 2011-04-11 23:01:51 +02:00
reboot.c Add noreturn attributes and remove unreachable code. 2011-12-13 15:13:51 +01:00
regexp.c calloc: Use calloc() at most places 2020-07-24 22:42:16 +01:00
search_file.c * grub-core/commands/search_file.c (SEARCH_TARGET): Remove obsolete 2012-02-03 11:46:18 +01:00
search_label.c * grub-core/commands/search_file.c (SEARCH_TARGET): Remove obsolete 2012-02-03 11:46:18 +01:00
search_uuid.c * grub-core/commands/search_file.c (SEARCH_TARGET): Remove obsolete 2012-02-03 11:46:18 +01:00
search_wrap.c calloc: Use calloc() at most places 2020-07-24 22:42:16 +01:00
search.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
setpci.c Rewrite spkmodem to use PIT for timing. Double the speed. 2013-01-17 20:06:52 +01:00
sleep.c Allow Shift to interrupt 'sleep --interruptible' 2020-03-07 12:21:23 +00:00
syslinuxcfg.c commands/syslinux: Add missing free. 2015-01-24 21:23:25 +01:00
terminal.c Fix USB devices not being detected when requested 2013-03-19 20:35:21 +01:00
test.c Change fs functions to add fs_ prefix 2019-04-09 10:03:29 +10:00
testload.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
testspeed.c verifiers: File type for fine-grained signature-verification controlling 2018-11-09 13:25:31 +01:00
time.c Improve string. Gettextize. 2012-02-12 15:25:25 +01:00
tpm.c verifiers: Core TPM support 2018-12-12 14:51:26 +01:00
tr.c commands/tr: Simplify and fix missing parameter test. 2015-01-24 21:25:42 +01:00
true.c * grub-core/commands/acpihalt.c: Add TRANSLATORS comments. 2012-03-03 12:59:28 +01:00
usbtest.c usbtest: Disable gcc9 -Waddress-of-packed-member 2019-04-23 11:37:08 +02:00
videoinfo.c * grub-core/commands/videoinfo.c: Use "paletted" rather than "packed 2013-05-07 14:44:05 +02:00
videotest.c * grub-core/commands/videotest.c: Reduce flickering and draw 6 squares 2013-05-02 14:34:13 +02:00
wildcard.c malloc: Use overflow checking primitives where we do complex allocations 2020-07-24 22:42:22 +01:00
xnu_uuid.c * grub-core/commands/xnu_uuid.c: Remove variable length arrays. 2013-11-12 01:19:34 +01:00