]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
grub2: fix CVE-2024-56738
authorRoss Burton <ross.burton@arm.com>
Tue, 9 Sep 2025 14:31:18 +0000 (15:31 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 11 Sep 2025 09:45:09 +0000 (10:45 +0100)
commit30a1cc225a2bd5d044bf608d863a67df3f9c03be
treebc50db6eeaff441beab1e0daaa904fe117eb6559
parent8d2fe3f403e6435e1ffe122a6776381090752d8a
grub2: fix CVE-2024-56738

Backport an algorithmic change to grub_crypto_memcmp() so that it
completes in constant time and thus isn't susceptible to side-channel
attacks.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-bsp/grub/files/CVE-2024-56738.patch [new file with mode: 0644]
meta/recipes-bsp/grub/grub2.inc