git.ipfire.org Git - thirdparty/grub.git/commit

author	Javier Martinez Canillas <javierm@redhat.com>
	Tue, 29 Sep 2020 12:08:55 +0000 (14:08 +0200)
committer	Daniel Kiper <daniel.kiper@oracle.com>
	Tue, 2 Mar 2021 14:54:15 +0000 (15:54 +0100)
commit	7630ec5397fe418276b360f9011934b8c034936c
tree	9b7f1ec762ccfe56987809b05f2be01d01f8d3c5	tree \| snapshot
parent	f05e79a0143beb2d9a482a3ebf4fe0ce76778122	commit \| diff

dl: Only allow unloading modules that are not dependencies

When a module is attempted to be removed its reference counter is always
decremented. This means that repeated rmmod invocations will cause the
module to be unloaded even if another module depends on it.

This may lead to a use-after-free scenario allowing an attacker to execute
arbitrary code and by-pass the UEFI Secure Boot protection.

While being there, add the extern keyword to some function declarations in
that header file.

Fixes: CVE-2020-25632
Reported-by: Chris Coulson <chris.coulson@canonical.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

grub-core/commands/minicmd.c		diff \| blob \| blame \| history
grub-core/kern/dl.c		diff \| blob \| blame \| history
include/grub/dl.h		diff \| blob \| blame \| history