git.ipfire.org Git - thirdparty/grub.git/commit
acpi: Don't register the acpi command when locked down
author Javier Martinez Canillas <javierm@redhat.com>
Mon, 28 Sep 2020 18:08:41 +0000 (20:08 +0200)
committer Daniel Kiper <daniel.kiper@oracle.com>
Tue, 2 Mar 2021 14:54:15 +0000 (15:54 +0100)
commit 3e8e4c0549240fa209acffceb473e1e509b50c95
tree 9da6b59d3241f906e687fcf9d959a8500a6a473e
parent 8f73052885892bc0dbc01e297f79d7cf4925e491
acpi: Don't register the acpi command when locked down

The command is not allowed when lockdown is enforced. Otherwise an
attacker can instruct the GRUB to load an SSDT table to overwrite
the kernel lockdown configuration and later load and execute
unsigned code.

Fixes: CVE-2020-14372
Reported-by: Máté Kukri <km@mkukri.xyz>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
docs/grub.texi
grub-core/commands/acpi.c
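
The approach named in the commit subject, gating a sensitive command at registration time, modelled as an added example. This is not GRUB's code: the toy registry, `register_cmd_restricted`, `boot_and_run` and every other name are hypothetical, and `acpi_cmd` only increments a counter in place of table loading.

```c
#include <stdio.h>
#include <string.h>

/* Toy command registry. Every name here is hypothetical, not GRUB's API. */
enum { CMD_OK = 0, CMD_UNKNOWN = -1, REG_SKIPPED = 1 };
typedef int (*cmd_fn)(void);
struct cmd { const char *name; cmd_fn fn; };

static struct cmd table[8];
static size_t ncmds;
static int lockdown;      /* decided once, before any command is registered */
static int tables_loaded; /* side effect of the sensitive handler */

static int register_cmd(const char *name, cmd_fn fn)
{
  if (ncmds == sizeof(table) / sizeof(table[0])) return -1;
  table[ncmds++] = (struct cmd){ name, fn };
  return CMD_OK;
}

/* Sensitive commands use this entry point: under lockdown the handler
   is never added to the table, so no later lookup can reach it. */
static int register_cmd_restricted(const char *name, cmd_fn fn)
{
  return lockdown ? REG_SKIPPED : register_cmd(name, fn);
}

static int run_cmd(const char *name)
{
  for (size_t i = 0; i < ncmds; i++)
    if (strcmp(table[i].name, name) == 0)
      return table[i].fn();
  return CMD_UNKNOWN;
}

static int help_cmd(void) { return CMD_OK; }
static int acpi_cmd(void) { tables_loaded++; return CMD_OK; } /* stand-in */

/* Simulate module init under the given lockdown state, then run a command. */
static int boot_and_run(int locked, const char *name)
{
  ncmds = 0; tables_loaded = 0; lockdown = locked;
  register_cmd("help", help_cmd);
  register_cmd_restricted("acpi", acpi_cmd);
  return run_cmd(name);
}

int main(void)
{
  printf("acpi unlocked: %d\n", boot_and_run(0, "acpi"));
  printf("acpi locked:   %d\n", boot_and_run(1, "acpi"));
  return 0;
}
```

Because the check happens at registration rather than inside the handler, the lockdown state has to be final before any module registers its commands.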