mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-03 01:40:07 +00:00
Code Issues Projects Releases Wiki Activity

grub2: CVE-2021-3981 Incorrect permission in grub.cfg allow unprivileged user to read the file content

Browse Source 
Source: https://git.savannah.gnu.org/cgit/grub.git/
MR: 116495
Type: Security Fix
Disposition: Backport from https://git.savannah.gnu.org/cgit/grub.git/diff/util/grub-mkconfig.in?id=0adec29674561034771c13e446069b41ef41e4d4
ChangeID: fce3d59e50320bef247bb981352051b8f953a4fc
Description:
        CVE-2021-3981 grub2: Incorrect permission in grub.cfg allow unprivileged user to read the file content.

Affects "grub2 < 2.06"

(From OE-Core rev: fd9dc688ead5cf0225cba94c380a618e332d548f)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Hitendra Prajapati
2022-06-29 11:24:07 +05:30
committed by Richard Purdie
parent 6e79d96c6d
commit b6f4778e37
2 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-bsp/grub/files/CVE-2021-3981.patch
+32
View File
@@ -0,0 +1,32 @@
From 67740c43c9326956ea5cd6be77f813b5499a56a5 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Mon, 27 Jun 2022 10:15:29 +0530
Subject: [PATCH] CVE-2021-3981
Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/diff/util/grub-mkconfig.in?id=0adec29674561034771c13e446069b41ef41e4d4]
CVE: CVE-2021-3981
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
util/grub-mkconfig.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/util/grub-mkconfig.in b/util/grub-mkconfig.in
index 9f477ff..ead94a6 100644
--- a/util/grub-mkconfig.in
+++ b/util/grub-mkconfig.in
@@ -287,7 +287,11 @@ and /etc/grub.d/* files or please file a bug report with
exit 1
else
# none of the children aborted with error, install the new grub.cfg
- mv -f ${grub_cfg}.new ${grub_cfg}
+ oldumask=$(umask)
+ umask 077
+ cat ${grub_cfg}.new > ${grub_cfg}
+ umask $oldumask
+ rm -f ${grub_cfg}.new
fi
fi
--
2.25.1
meta/recipes-bsp/grub/grub2.inc
+1
View File
@@ -95,6 +95,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0044-script-execute-Fix-NULL-dereference-in-grub_script_e.patch \
file://0045-commands-ls-Require-device_name-is-not-NULL-before-p.patch \
file://0046-script-execute-Avoid-crash-when-using-outside-a-func.patch \
file://CVE-2021-3981.patch\
"
SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"