]> git.ipfire.org Git - thirdparty/grub.git/commit
kern/acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()
authorBenjamin Herrenschmidt <benh@kernel.crashing.org>
Wed, 16 Oct 2024 05:20:24 +0000 (16:20 +1100)
committerDaniel Kiper <daniel.kiper@oracle.com>
Thu, 31 Oct 2024 15:04:00 +0000 (16:04 +0100)
commit31de991dee02e045fdec2fc1ef32b86a3f3048d5
treed3801208516ecffa0983daa0a52ef46e5538e0a5
parentf5bb766e688b1180e0ace3417d4947a934957a31
kern/acpi: Fix out of bounds access in grub_acpi_xsdt_find_table()

The calculation of the size of the table was incorrect (copy/pasta from
grub_acpi_rsdt_find_table() I assume...). The entries are 64-bit long.

This causes us to access beyond the end of the table which is causing
crashes during boot on some systems. Typically this is causing a crash
on VMWare when using UEFI and enabling serial autodetection, as

  grub_acpi_find_table (GRUB_ACPI_SPCR_SIGNATURE);

will goes past the end of the table (the SPCR table doesn't exits).

Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Reviewed-by: Vladimir Serbinenko <phcoder@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Reviewed-by: Ross Philipson <ross.philipson@oracle.com>
Tested-by: Renata Ravanelli <rravanel@redhat.com>
grub-core/kern/acpi.c