git.proxmox.com Git - grub2.git/commit
mmap: Don't register cutmem and badram commands when lockdown is enforced
author Javier Martinez Canillas <javierm@redhat.com>
Wed, 14 Oct 2020 14:33:42 +0000 (16:33 +0200)
committer Daniel Kiper <daniel.kiper@oracle.com>
Tue, 2 Mar 2021 14:54:15 +0000 (15:54 +0100)
commit d298b41f90cbf1f2e5a10e29daa1fc92ddee52c9
tree 926a20685d5f26c611dd3771bb9106fe0892c665
parent 3e8e4c0549240fa209acffceb473e1e509b50c95
mmap: Don't register cutmem and badram commands when lockdown is enforced

The cutmem and badram commands can be used to remove EFI memory regions
and potentially disable UEFI Secure Boot. Prevent the commands from being
registered if GRUB is locked down.

Fixes: CVE-2020-27779
Reported-by: Teddy Reed <teddy.reed@gmail.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
docs/grub.texi
grub-core/mmap/mmap.c