]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 91848ac) | patch
grub2: fix CVE-2024-56738
authorRoss Burton <ross.burton@arm.com>
Wed, 17 Sep 2025 09:43:04 +0000 (02:43 -0700)
committerSteve Sakoman <steve@sakoman.com>
Wed, 17 Sep 2025 16:32:52 +0000 (09:32 -0700)
commit319210be147ec57518c237cb705857aeda9943e6
tree5f41aa62f2dc36f904eab9676d6c843a89498e5atree | snapshot
parent91848ac13ec18f98469f7f8ed68c6153fea31607commit | diff
grub2: fix CVE-2024-56738

Backport an algorithmic change to grub_crypto_memcmp() so that it
completes in constant time and thus isn't susceptible to side-channel
attacks.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 30a1cc225a2bd5d044bf608d863a67df3f9c03be)
Signed-off-by: Shubham Pushpkar <spushpka@cisco.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-bsp/grub/files/CVE-2024-56738.patch [new file with mode: 0644] blob
meta/recipes-bsp/grub/grub2.inc diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib