[Bug 1987924] Re: GRUB may execute the kernel w/ dirty instruction cache on arm64
Launchpad Bug Tracker
1987924 at bugs.launchpad.net
Mon Jan 30 15:14:19 UTC 2023
This bug was fixed in the package grub2-unsigned - 2.06-2ubuntu14
---------------
grub2-unsigned (2.06-2ubuntu14) kinetic; urgency=medium
* SECURITY UPDATE: Fix out of bounds writes due specially crafted fonts.
- add debian/patches/font-Fix-several-integer-overflows-in-grub_font_construct.patch
- add debian/patches/font-Fix-an-integer-underflow-in-blit_comb.patch
- CVE-2022-2601, CVE-2022-3775
- LP: #1996950
* Fix various issues as a result of fuzzing, static analysis and code
review:
- add debian/patches/font-Reject-glyphs-exceeds-font-max_glyph_width-or-font-m.patch
- add debian/patches/font-Fix-size-overflow-in-grub_font_get_glyph_internal.patch
- add debian/patchces/font-Remove-grub_font_dup_glyph.patch
- add debian/patches/font-Fix-integer-overflow-in-ensure_comb_space.patch
- add debian/patches/font-Fix-integer-overflow-in-BMP-index.patch
- add debian/patches/font-Fix-integer-underflow-in-binary-search-of-char-index.patch
- add debian/patches/fbutil-Fix-integer-overflow.patch
- add debian/patches/font-Harden-grub_font_blit_glyph-and-grub_font_blit_glyph.patch
- add debian/patches/font-Assign-null_font-to-glyphs-in-ascii_font_glyph.patch
- add debian/patches/normal-charset-Fix-an-integer-overflow-in-grub_unicode_ag.patch
* Enforce verification of fonts when secure boot is enabled:
- add debian/patches/kern-efi-sb-Enforce-verification-of-font-files.patch
* Bundle unicode.pf2 in a squashfs memdisk attached to the signed EFI binary
- update debian/control
- update debian/build-efi-image
- add debian/patches/font-Try-opening-fonts-from-the-bundled-memdisk.patch
* Fix LP: #1997006 - add support for performing measurements to RTMRs
- add debian/patches/commands-efi-tpm-Refine-the-status-of-log-event.patch
- add debian/patches/commands-efi-tpm-Use-grub_strcpy-instead-of-grub_memcpy.patch
- add debian/patches/efi-tpm-Add-EFI_CC_MEASUREMENT_PROTOCOL-support.patch
* Fix the squashfs tests during the build
- remove debian/patches/ubuntu-fix-reproducible-squashfs-test.patch
- add debian/patches/tests-Explicitly-unset-SOURCE_DATE_EPOCH-before-running-f.patch
* Bump SBAT generation:
- update debian/sbat.ubuntu.csv.in
* Source package generated from src:grub2 using make -f ./debian/rules
generate-grub2-unsigned
-- Chris Coulson <chris.coulson at canonical.com> Wed, 16 Nov 2022
14:40:42 +0000
** Changed in: grub2-unsigned (Ubuntu Jammy)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1987924
Title:
GRUB may execute the kernel w/ dirty instruction cache on arm64
Status in grub2-unsigned package in Ubuntu:
Fix Released
Status in grub2-unsigned source package in Bionic:
New
Status in grub2-unsigned source package in Focal:
Fix Released
Status in grub2-unsigned source package in Jammy:
Fix Released
Status in grub2-unsigned source package in Kinetic:
Fix Released
Bug description:
[Impact]
Similar to bug 1987541, where shim may execute GRUB w/ polluted instruction cache, GRUB itself also fails to flush the instruction cache for the kernel memory before starting it. This is believed to be the source of some rare crashes seen executing instructions in the kernel EFI stub.
[Test Case]
Put an arm64 server in a reboot loop and watch for a crash (synchronous exception abort) after GRUB has started executing the kernel.
[Fix]
https://github.com/rhboot/grub2/commit/4e9020a937a30873fa63ba34e16c1e6fb7e7b718
[What could go wrong]
The only risk I can identify is possibly-measurable performance impact to booting the kernel.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2-unsigned/+bug/1987924/+subscriptions
More information about the foundations-bugs
mailing list