mirror of
https://git.yoctoproject.org/poky
synced 2026-01-29 21:08:42 +01:00
References:
https://nvd.nist.gov/vuln/detail/CVE-2025-54770
https://nvd.nist.gov/vuln/detail/CVE-2025-61661
https://nvd.nist.gov/vuln/detail/CVE-2025-61662
https://nvd.nist.gov/vuln/detail/CVE-2025-61663
https://nvd.nist.gov/vuln/detail/CVE-2025-61664

(From OE-Core rev: c28fa3e6421257f50d4ae283cca28fadb621f831)

Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
41 lines
1.3 KiB
Diff
From c24e11d87f8ee8cefd615e0c30eb71ff6149ee50 Mon Sep 17 00:00:00 2001
From: Jamie <volticks@gmail.com>
Date: Mon, 14 Jul 2025 09:52:59 +0100
Subject: [PATCH 2/4] commands/usbtest: Use correct string length field

An incorrect length field is used for buffer allocation. This leads to
grub_utf16_to_utf8() receiving an incorrect/different length and possibly
causing OOB write. This makes sure to use the correct length.

Fixes: CVE-2025-61661

CVE: CVE-2025-61661

Upstream-Status: Backport
[https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=549a9cc372fd0b96a4ccdfad0e12140476cc62a3]

Reported-by: Jamie <volticks@gmail.com>
Signed-off-by: Jamie <volticks@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
---
grub-core/commands/usbtest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/grub-core/commands/usbtest.c b/grub-core/commands/usbtest.c
index 2c6d93fe6..8ef187a9a 100644
--- a/grub-core/commands/usbtest.c
+++ b/grub-core/commands/usbtest.c
@@ -99,7 +99,7 @@ grub_usb_get_string (grub_usb_device_t dev, grub_uint8_t index, int langid,
return GRUB_USB_ERR_NONE;
}
- *string = grub_malloc (descstr.length * 2 + 1);
+ *string = grub_malloc (descstrp->length * 2 + 1);
if (! *string)
{
grub_free (descstrp);
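Review bot: The allocation size on the `+` line, `descstrp->length * 2 + 1`, is still an expression separate from whatever length is later passed to grub_utf16_to_utf8(), which is the mismatch the commit message describes; that call is outside this hunk, so the two can drift apart again. Consider computing the length once into a local and using it for both the grub_malloc() size and the conversion call. A short comment saying why `descstrp->length` rather than `descstr.length` is the right field would also help, since the two names differ by very little and nothing in the hunk explains how the two objects differ.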
--
2.34.1