Ubuntu
grub2-unsigned package

GRUB may execute the kernel w/ dirty instruction cache on arm64

  1. Bionic (18.04)
  2. Bug #1987924
Bug #1987924 reported by dann frazier
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
grub2-unsigned (Ubuntu)
Fix Released
High
dann frazier
Bionic
Fix Released
High
Unassigned
Focal
Fix Released
High
Unassigned
Jammy
Fix Released
High
Unassigned
Kinetic
Fix Released
High
dann frazier

Bug Description

[Impact]
Similar to bug 1987541, where shim may execute GRUB w/ polluted instruction cache, GRUB itself also fails to flush the instruction cache for the kernel memory before starting it. This is believed to be the source of some rare crashes seen executing instructions in the kernel EFI stub.

[Test Case]
Put an arm64 server in a reboot loop and watch for a crash (synchronous exception abort) after GRUB has started executing the kernel.

[Fix]
https://github.com/rhboot/grub2/commit/4e9020a937a30873fa63ba34e16c1e6fb7e7b718

[What could go wrong]
The only risk I can identify is possibly-measurable performance impact to booting the kernel.

See original description

Related branches

~juliank/grub/+git/ubuntu:boot-complete
Ubuntu Core Development Team: Pending requested
Diff: 33477 lines (+26270/-719) (has conflicts)
219 files modified
ChangeLog (+5278/-0)
INSTALL (+31/-21)
Makefile.am (+1/-1)
Makefile.in (+270/-54)
Makefile.util.am (+16/-7)
Makefile.util.def (+15/-40)
NEWS (+14/-0)
README (+6/-0)
acinclude.m4 (+36/-2)
aclocal.m4 (+1/-0)
autogen.sh (+1/-1)
conf/Makefile.common (+2/-0)
conf/Makefile.extra-dist (+21/-0)
config-util.h.in (+6/-0)
config.h.in (+0/-2)
configure (+192/-39)
configure.ac (+99/-104)
debian/.git-dpm (+3/-0)
debian/NEWS (+8/-0)
debian/README.source (+3/-0)
debian/apport/source_grub2.py (+14/-5)
debian/build-efi-images (+27/-11)
debian/changelog (+1421/-1)
debian/control (+92/-26)
debian/dirs.in (+1/-0)
debian/grub-check-signatures (+21/-0)
debian/grub-common.service (+13/-0)
debian/grub-efi-amd64-bin.maintscript.in (+1/-0)
debian/grub-efi-arm64-bin.maintscript.in (+1/-0)
debian/grub-extras/915resolution/.gitignore (+3/-0)
debian/grub-extras/915resolution/915resolution.c (+29/-8)
debian/grub-extras/disabled/gpxe/.gitignore (+3/-0)
debian/grub-extras/disabled/zfs/.gitignore (+5/-0)
debian/grub-extras/lua/.gitignore (+3/-0)
debian/grub-extras/ntldr-img/.gitignore (+3/-0)
debian/grub.d/05_debian_theme (+2/-2)
debian/legacy/upgrade-from-grub-legacy (+3/-1)
debian/patches/0076-ubuntu-Make-the-linux-command-in-EFI-grub-always-try.patch (+37/-0)
debian/patches/0077-ubuntu-Update-the-linux-boot-protocol-version-check.patch (+7/-0)
debian/patches/0096-linuxefi-fail-kernel-validation-without-shim-protoco.patch (+52/-0)
debian/patches/0099-chainloader-Avoid-a-double-free-when-validation-fail.patch (+7/-0)
debian/patches/0105-efilinux-Fix-integer-overflows-in-grub_cmd_initrd.patch (+7/-0)
debian/patches/0129-loader-efi-chainloader-grub_load_and_start_image-doe.patch (+68/-0)
debian/patches/0130-loader-efi-chainloader-simplify-the-loader-state.patch (+334/-0)
debian/patches/0131-commands-boot-Add-API-to-pass-context-to-loader.patch (+157/-0)
debian/patches/0132-loader-efi-chainloader-Use-grub_loader_set_ex.patch (+144/-0)
debian/patches/0133-loader-i386-efi-linux-Use-grub_loader_set_ex.patch (+306/-0)
debian/patches/0134-loader-i386-efi-linux-Fix-a-memory-leak-in-the-initr.patch (+72/-0)
debian/patches/0135-kern-efi-sb-Reject-non-kernel-files-in-the-shim_lock.patch (+98/-0)
debian/patches/0136-kern-file-Do-not-leak-device_name-on-error-in-grub_f.patch (+36/-0)
debian/patches/0137-video-readers-png-Abort-sooner-if-a-read-operation-f.patch (+196/-0)
debian/patches/0138-video-readers-png-Refuse-to-handle-multiple-image-he.patch (+26/-0)
debian/patches/0139-video-readers-png-Drop-greyscale-support-to-fix-heap.patch (+167/-0)
debian/patches/0140-video-readers-png-Avoid-heap-OOB-R-W-inserting-huff-.patch (+37/-0)
debian/patches/0141-video-readers-png-Sanity-check-some-huffman-codes.patch (+38/-0)
debian/patches/0142-video-readers-jpeg-Abort-sooner-if-a-read-operation-.patch (+253/-0)
debian/patches/0143-video-readers-jpeg-Do-not-reallocate-a-given-huff-ta.patch (+27/-0)
debian/patches/0144-video-readers-jpeg-Refuse-to-handle-multiple-start-o.patch (+41/-0)
debian/patches/0145-video-readers-jpeg-Block-int-underflow-wild-pointer-.patch (+72/-0)
debian/patches/0146-normal-charset-Fix-array-out-of-bounds-formatting-un.patch (+32/-0)
debian/patches/0147-net-netbuff-Block-overly-large-netbuff-allocs.patch (+44/-0)
debian/patches/0148-net-ip-Do-IP-fragment-maths-safely.patch (+42/-0)
debian/patches/0149-net-dns-Fix-double-free-addresses-on-corrupt-DNS-res.patch (+54/-0)
debian/patches/0150-net-dns-Don-t-read-past-the-end-of-the-string-we-re-.patch (+69/-0)
debian/patches/0151-net-tftp-Prevent-a-UAF-and-double-free-from-a-failed.patch (+110/-0)
debian/patches/0152-net-tftp-Avoid-a-trivial-UAF.patch (+33/-0)
debian/patches/0153-net-http-Do-not-tear-down-socket-if-it-s-already-bee.patch (+39/-0)
debian/patches/0154-net-http-Fix-OOB-write-for-split-http-headers.patch (+44/-0)
debian/patches/0155-net-http-Error-out-on-headers-with-LF-without-CR.patch (+46/-0)
debian/patches/0156-fs-f2fs-Do-not-read-past-the-end-of-nat-journal-entr.patch (+70/-0)
debian/patches/0157-fs-f2fs-Do-not-read-past-the-end-of-nat-bitmap.patch (+130/-0)
debian/patches/0158-fs-f2fs-Do-not-copy-file-names-that-are-too-long.patch (+36/-0)
debian/patches/0159-fs-btrfs-Fix-several-fuzz-issues-with-invalid-dir-it.patch (+74/-0)
debian/patches/0160-fs-btrfs-Fix-more-ASAN-and-SEGV-issues-found-with-fu.patch (+132/-0)
debian/patches/0161-fs-btrfs-Fix-more-fuzz-issues-related-to-chunks.patch (+74/-0)
debian/patches/0241-Call-hwmatch-only-on-the-grub-pc-platform.patch (+47/-0)
debian/patches/RISC-V-Update-image-header.patch (+84/-0)
debian/patches/RISC-V-Use-common-linux-loader.patch (+120/-0)
debian/patches/at_keyboard-module-init.patch (+4/-1)
debian/patches/bash-completion-drop-have-checks.patch (+5/-2)
debian/patches/blacklist-1440x900x32.patch (+4/-1)
debian/patches/bootp-new-net_bootp6-command.patch (+22/-17)
debian/patches/bootp-process-dhcpack-http-boot.patch (+20/-15)
debian/patches/cherrypick-efi-grub_efi_close_protocol.patch (+79/-0)
debian/patches/cherrypick-efinet-correct-closing-snp-protocol.patch (+106/-0)
debian/patches/core-in-fs.patch (+3/-4)
debian/patches/debug_verifiers.patch (+27/-0)
debian/patches/default-grub-d.patch (+34/-17)
debian/patches/dejavu-font-path.patch (+22/-0)
debian/patches/disable-floppies.patch (+1/-2)
debian/patches/dpkg-version-comparison.patch (+3/-4)
debian/patches/efi-EFI-Device-Tree-Fixup-Protocol.patch (+140/-0)
debian/patches/efi-add-definition-of-LoadFile2-protocol.patch (+61/-0)
debian/patches/efi-correct-struct-grub_efi_boot_services.patch (+28/-0)
debian/patches/efi-implement-grub_efi_run_image.patch (+900/-0)
debian/patches/efi-implemented-LoadFile2-initrd-loading-protocol-fo.patch (+183/-0)
debian/patches/efi-variable-storage-minimise-writes.patch (+60/-11)
debian/patches/efinet-set-dns-from-uefi-proto.patch (+13/-8)
debian/patches/efinet-set-network-from-uefi-devpath.patch (+8/-5)
debian/patches/efinet-uefi-ipv6-pxe-support.patch (+8/-5)
debian/patches/efivar-check-that-efivarfs-is-writeable.patch (+74/-0)
debian/patches/fat-fix-listing-the-root-directory.patch (+46/-0)
debian/patches/fdt-add-debug-output-to-devicetree-command.patch (+31/-0)
debian/patches/gettext-quiet.patch (+4/-1)
debian/patches/gfxpayload-dynamic.patch (+23/-7)
debian/patches/gfxpayload-keep-default.patch (+9/-0)
debian/patches/grub-install-pvxen-paths.patch (+14/-3)
debian/patches/grub-legacy-0-based-partitions.patch (+1/-2)
debian/patches/grub.cfg-400.patch (+2/-3)
debian/patches/ieee1275-clear-reset.patch (+4/-1)
debian/patches/ignore-grub_func_test-failures.patch (+4/-1)
debian/patches/insmod-xzio-and-lzopio-on-xen.patch (+7/-0)
debian/patches/install-efi-adjust-distributor.patch (+33/-0)
debian/patches/install-efi-fallback.patch (+5/-2)
debian/patches/install-efi-ubuntu-flavours.patch (+3/-0)
debian/patches/install-locale-langpack.patch (+10/-7)
debian/patches/install-powerpc-machtypes.patch (+18/-11)
debian/patches/install-stage2-confusion.patch (+9/-6)
debian/patches/linux-ignore-FDT-unless-we-need-to-modify-it.patch (+80/-0)
debian/patches/linux_xen-Properly-load-multiple-initrd-files.patch (+123/-0)
debian/patches/linux_xen-Properly-order-multiple-initrd-files.patch (+79/-0)
debian/patches/linuxefi-Invalidate-i-cache-before-starting-the-kern.patch (+111/-0)
debian/patches/linuxefi-do-not-validate-kernels-twice.patch (+227/-0)
debian/patches/loader-Move-arm64-linux-loader-to-common-code.patch (+1091/-0)
debian/patches/loader-drop-argv-argument-in-grub_initrd_load.patch (+178/-0)
debian/patches/maybe-quiet.patch (+30/-21)
debian/patches/minilzo-2.10.patch (+2538/-0)
debian/patches/mkconfig-loopback.patch (+11/-4)
debian/patches/mkconfig-mid-upgrade.patch (+3/-0)
debian/patches/mkconfig-nonexistent-loopback.patch (+11/-8)
debian/patches/mkconfig-other-inits.patch (+14/-3)
debian/patches/mkconfig-recovery-title.patch (+17/-10)
debian/patches/mkconfig-signed-kernel.patch (+9/-0)
debian/patches/mkconfig-ubuntu-distributor.patch (+7/-0)
debian/patches/mkconfig-ubuntu-recovery.patch (+18/-5)
debian/patches/mkimage-fix-section-sizes.patch (+108/-0)
debian/patches/mkrescue-efi-modules.patch (+6/-3)
debian/patches/net-read-bracketed-ipv6-addr.patch (+20/-16)
debian/patches/no-devicetree-if-secure-boot.patch (+8/-5)
debian/patches/no-insmod-on-sb.patch (+8/-58)
debian/patches/olpc-prefix-hack.patch (+1/-2)
debian/patches/pc-verifiers-module.patch (+166/-0)
debian/patches/ppc64el-disable-vsx.patch (+4/-1)
debian/patches/probe-fusionio.patch (+8/-5)
debian/patches/quick-boot-lvm.patch (+6/-3)
debian/patches/quick-boot.patch (+34/-20)
debian/patches/restore-mkdevicemap.patch (+26/-13)
debian/patches/rhboot-f34-dont-use-int-for-efi-status.patch (+7/-0)
debian/patches/rhboot-f34-efinet-also-use-the-firmware-acceleration-for-http.patch (+26/-0)
debian/patches/rhboot-f34-make-exit-take-a-return-code.patch (+68/-0)
debian/patches/rhboot-f34-make-pmtimer-tsc-calibration-fast.patch (+11/-0)
debian/patches/rhboot-try-to-pick-better-locations-for-kernel-and-initrd.patch (+215/-0)
debian/patches/riscv-adjust-march-flags-for-binutils-2.38.patch (+43/-0)
debian/patches/series (+122/-4)
debian/patches/skip-grub_cmd_set_date.patch (+4/-1)
debian/patches/sleep-shift.patch (+3/-0)
debian/patches/suse-AUDIT-0-http-boot-tracker-bug.patch (+68/-0)
debian/patches/suse-add-support-for-UEFI-network-protocols.patch (+4941/-0)
debian/patches/suse-grub.texi-add-net_bootp6-document.patch (+49/-0)
debian/patches/tests-ahci-update-qemu-device-name.patch (+33/-0)
debian/patches/tpm-unknown-error-non-fatal.patch (+30/-0)
debian/patches/ubuntu-add-devicetree-command-support.patch (+7/-0)
debian/patches/ubuntu-add-initrd-less-boot-fallback.patch (+44/-0)
debian/patches/ubuntu-add-initrd-less-boot-messages.patch (+24/-0)
debian/patches/ubuntu-boot-from-multipath-dependent-symlink.patch (+7/-0)
debian/patches/ubuntu-disable-LOAD-FILE2-protocol-for-initrd-on-ARM.patch (+63/-0)
debian/patches/ubuntu-dont-verify-loopback-images.patch (+11/-0)
debian/patches/ubuntu-efi-allow-loopmount-chainload.patch (+27/-0)
debian/patches/ubuntu-fix-lzma-decompressor-objcopy.patch (+10/-0)
debian/patches/ubuntu-fix-reproducible-squashfs-test.patch (+7/-0)
debian/patches/ubuntu-flavour-order.patch (+17/-0)
debian/patches/ubuntu-fuse3.patch (+108/-0)
debian/patches/ubuntu-grub-install-extra-removable.patch (+37/-0)
debian/patches/ubuntu-install-signed.patch (+41/-0)
debian/patches/ubuntu-linuxefi-arm64-set-base-addr.patch (+22/-0)
debian/patches/ubuntu-linuxefi-arm64.patch (+90/-0)
debian/patches/ubuntu-linuxefi.patch (+510/-0)
debian/patches/ubuntu-mkconfig-leave-breadcrumbs.patch (+10/-0)
debian/patches/ubuntu-os-prober-auto.patch (+51/-0)
debian/patches/ubuntu-recovery-dis_ucode_ldr.patch (+15/-0)
debian/patches/ubuntu-resilient-boot-boot-order.patch (+45/-0)
debian/patches/ubuntu-resilient-boot-ignore-alternative-esps.patch (+11/-0)
debian/patches/ubuntu-shorter-version-info.patch (+18/-0)
debian/patches/ubuntu-skip-disk-by-id-lvm-pvm-uuid-entries.patch (+10/-0)
debian/patches/ubuntu-speed-zsys-history.patch (+34/-0)
debian/patches/ubuntu-support-initrd-less-boot.patch (+27/-0)
debian/patches/ubuntu-temp-keep-auto-nvram.patch (+7/-0)
debian/patches/ubuntu-verifiers-last.patch (+59/-0)
debian/patches/ubuntu-zfs-enhance-support.patch (+46/-0)
debian/patches/ubuntu-zfs-gfxpayload-dynamic.patch (+95/-0)
debian/patches/ubuntu-zfs-gfxpayload-keep-default.patch (+38/-0)
debian/patches/ubuntu-zfs-insmod-xzio-and-lzopio-on-xen.patch (+32/-0)
debian/patches/ubuntu-zfs-maybe-quiet.patch (+72/-0)
debian/patches/ubuntu-zfs-mkconfig-recovery-title.patch (+49/-0)
debian/patches/ubuntu-zfs-mkconfig-signed-kernel.patch (+51/-0)
debian/patches/ubuntu-zfs-mkconfig-ubuntu-distributor.patch (+36/-0)
debian/patches/ubuntu-zfs-mkconfig-ubuntu-recovery.patch (+66/-0)
debian/patches/ubuntu-zfs-quick-boot.patch (+50/-0)
debian/patches/ubuntu-zfs-vt-handoff.patch (+77/-0)
debian/patches/uefi-firmware-setup.patch (+3/-0)
debian/patches/uefi-secure-boot-cryptomount.patch (+11/-0)
debian/patches/vsnprintf-upper-case-hex.patch (+3/-0)
debian/patches/vt-handoff.patch (+9/-2)
debian/patches/wubi-no-windows.patch (+6/-3)
debian/patches/xen-no-xsm-policy-in-non-xsm-options.patch (+34/-0)
debian/patches/xfs-fix-v4-superblock.patch (+121/-0)
debian/patches/zpool-full-device-name.patch (+4/-1)
debian/patches/zstd-require-8-byte-buffer.patch (+63/-0)
debian/postinst.in (+91/-7)
debian/postrm.in (+2/-2)
debian/rules (+113/-10)
debian/sbat.debian.csv.in (+3/-0)
debian/sbat.ubuntu.csv.in (+3/-0)
debian/signing-template/control.in (+1/-1)
dev/null (+0/-1)
docs/Makefile.in (+2/-2)
docs/grub-dev.info (+113/-45)
docs/grub-dev.texi (+65/-1)
docs/grub.info (+2/-1)
~dannf/grub:ubuntu-flush-cache
Ubuntu Core Development Team: Pending requested
Diff: 109 lines (+95/-0)
2 files modified
debian/patches/linuxefi-Invalidate-i-cache-before-starting-the-kern.patch (+94/-0)
debian/patches/series (+1/-0)

CVE References

dann frazier (dannf)
no longer affects: grub2 (Ubuntu)
dann frazier (dannf)
no longer affects: grub2 (Ubuntu Bionic)
no longer affects: grub2 (Ubuntu Focal)
no longer affects: grub2 (Ubuntu Jammy)
no longer affects: grub2 (Ubuntu Kinetic)
Changed in grub2-unsigned (Ubuntu Kinetic):
assignee: nobody → dann frazier (dannf)
status: New → Fix Committed
Matthieu Clemenceau (mclemenceau)
tags: added: foundations-triage-discuss
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package grub2-unsigned - 2.06-2ubuntu12

---------------
grub2-unsigned (2.06-2ubuntu12) kinetic; urgency=medium

  * ubuntu-zfs-enhance-support.patch: Fix missing lines (LP: #1990143)
  * Source package generated from src:grub2 using make -f ./debian/rules
    generate-grub2-unsigned

 -- Julian Andres Klode <email address hidden> Mon, 19 Sep 2022 16:00:47 +0200

Changed in grub2-unsigned (Ubuntu Kinetic):
status: Fix Committed → Fix Released
Julian Andres Klode (juliank)
tags: removed: foundations-triage-discuss
Changed in grub2-unsigned (Ubuntu Kinetic):
importance: Undecided → High
Changed in grub2-unsigned (Ubuntu Jammy):
importance: Undecided → High
Changed in grub2-unsigned (Ubuntu Focal):
importance: Undecided → High
Changed in grub2-unsigned (Ubuntu Bionic):
importance: Undecided → High
Revision history for this message
dann frazier (dannf) wrote :

The fix has now been merged into the rhboot tree: https://github.com/rhboot/grub2/commit/4e9020a937a30873fa63ba34e16c1e6fb7e7b718

description: updated
Julian Andres Klode (juliank)
tags: added: foundations-todo
Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello dann, or anyone else affected,

Accepted grub2-unsigned into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/grub2-unsigned/2.04-1ubuntu47.5 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in grub2-unsigned (Ubuntu Focal):
status: New → Fix Committed
tags: added: verification-needed verification-needed-focal
Revision history for this message
dann frazier (dannf) wrote :

= verification =
I've rebooted a BlueField 2 device several times with this update. I've neither seen a hang nor any sign of regression.

ubuntu@localhost:~$ dpkg -l | grep grub
ii grub-common 2.04-1ubuntu26.16 arm64 GRand Unified Bootloader (common files)
ii grub-efi-arm64 2.04-1ubuntu47.5 arm64 GRand Unified Bootloader, version 2 (ARM64 UEFI version)
ii grub-efi-arm64-bin 2.04-1ubuntu47.5 arm64 GRand Unified Bootloader, version 2 (ARM64 UEFI modules)
ii grub-efi-arm64-signed 1.173.4+2.04-1ubuntu47.5 arm64 GRand Unified Bootloader, version 2 (EFI-ARM64 version, signed)
ii grub2-common 2.04-1ubuntu26.16 arm64 GRand Unified Bootloader (common files for version 2)

tags: added: verification-done verification-done-focal
removed: verification-needed verification-needed-focal
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package grub2-unsigned - 2.04-1ubuntu47.5

---------------
grub2-unsigned (2.04-1ubuntu47.5) focal; urgency=medium

  [ Chris Coulson ]
  * SECURITY UPDATE: Fix out of bounds writes due specially crafted fonts.
    - add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch
    - add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch
    - CVE-2022-2601, CVE-2022-3775
    - LP: #1996950
  * Fix various issues as a result of fuzzing, static analysis and code
    review:
    - add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch
    - add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch
    - add debian/patchces/font-Remove-grub_font_dup_glyph.patch
    - add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch
    - add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch
    - add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch
    - add debian/patches/fbutil-Fix-integer-overflow.patch
    - add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch
    - add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
    - add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch
  * Forbid loading of external fonts when secure boot is enabled:
    - add debian/patches/font-Forbid-loading-of-font-files-when-secure-boot-is-ena.patch
  * Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary
    - update debian/control
    - update debian/build-efi-image
    - add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch
  * Fix the squashfs tests during the build
    - remove debian/patches/ubuntu-fix-reproducible-squashfs-test.patch
    - add debian/patches/tests-Explicitly-unset-SOURCE_DATE_EPOCH-before-running-f.patch
  * Bump SBAT generation:
    - update debian/sbat.ubuntu.csv.in
  * Make grub-efi-{amd64,arm64} depend on grub2-common 2.02~beta2-36ubuntu3.33
    in xenial and 2.02-2ubuntu8.25 in bionic to fix LP: #1995751 (thanks
    Julian Klode for the base-files hack to make a single binary be able to
    depend on 2 different versions of the same package)

  [ dann frazier ]
  * linuxefi: Invalidate i-cache before starting the kernel (LP: #1987924)
    - d/p/linuxefi-Invalidate-i-cache-before-starting-the-kern.patch

  [ Chris Coulson ]
  * Source package generated from src:grub2 using make -f ./debian/rules
    generate-grub2-unsigned

 -- Chris Coulson <email address hidden> Thu, 17 Nov 2022 13:27:15 +0000

Changed in grub2-unsigned (Ubuntu Focal):
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote : Update Released

The verification of the Stable Release Update for grub2-unsigned has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package grub2-unsigned - 2.06-2ubuntu14

---------------
grub2-unsigned (2.06-2ubuntu14) kinetic; urgency=medium

  * SECURITY UPDATE: Fix out of bounds writes due specially crafted fonts.
    - add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch
    - add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch
    - CVE-2022-2601, CVE-2022-3775
    - LP: #1996950
  * Fix various issues as a result of fuzzing, static analysis and code
    review:
    - add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch
    - add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch
    - add debian/patchces/font-Remove-grub_font_dup_glyph.patch
    - add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch
    - add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch
    - add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch
    - add debian/patches/fbutil-Fix-integer-overflow.patch
    - add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch
    - add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
    - add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch
  * Enforce verification of fonts when secure boot is enabled:
    - add debian/patches/kern-efi-sb-Enforce-verification-of-font-files.patch
  * Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary
    - update debian/control
    - update debian/build-efi-image
    - add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch
  * Fix LP: #1997006 - add support for performing measurements to RTMRs
    - add debian/patches/commands-efi-tpm-Refine-the-status-of-log-event.patch
    - add debian/patches/commands-efi-tpm-Use-grub_strcpy-instead-of-grub_memcpy.patch
    - add debian/patches/efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch
  * Fix the squashfs tests during the build
    - remove debian/patches/ubuntu-fix-reproducible-squashfs-test.patch
    - add debian/patches/tests-Explicitly-unset-SOURCE_DATE_EPOCH-before-running-f.patch
  * Bump SBAT generation:
    - update debian/sbat.ubuntu.csv.in
  * Source package generated from src:grub2 using make -f ./debian/rules
    generate-grub2-unsigned

 -- Chris Coulson <email address hidden> Wed, 16 Nov 2022 14:40:42 +0000

Changed in grub2-unsigned (Ubuntu Jammy):
status: New → Fix Released
Launchpad Janitor (janitor)
Changed in grub2-unsigned (Ubuntu Bionic):
status: New → Fix Released
Benjamin Drung (bdrung)
tags: removed: foundations-todo
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.