tablet/grub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

commands/pgp: Unregister the "check_signatures" hooks on module unload

Browse Source 
If the hooks are not removed they can be called after the module has
been unloaded leading to an use-after-free.

Fixes: CVE-2025-0622

Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
B Horn 2024-11-01 19:24:29 +00:00 committed by Daniel Kiper
parent 0bf56bce47
commit 2123c5bca7
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
grub-core/commands/pgp.c
View File

@ -1010,6 +1010,8 @@ GRUB_MOD_INIT(pgp)
GRUB_MOD_FINI(pgp)
{
grub_register_variable_hook ("check_signatures", NULL, NULL);
grub_env_unset ("check_signatures");
grub_verifier_unregister (&grub_pubkey_verifier);
grub_unregister_extcmd (cmd);
grub_unregister_extcmd (cmd_trust);