tablet/grub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

commands/minicmd: Block the dump command in lockdown mode

Browse Source 
The dump enables a user to read memory which should not be possible
in lockdown mode.

Fixes: CVE-2025-1118

Reported-by: B Horn <b@horn.uk>
Reported-by: Jonathan Bar Or <jonathanbaror@gmail.com>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This commit is contained in:
B Horn 2024-04-18 20:29:39 +01:00 committed by Daniel Kiper
parent c68b7d2362
commit 34824806ac
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
grub-core/commands/minicmd.c
View File

@ -203,8 +203,8 @@ GRUB_MOD_INIT(minicmd)
grub_register_command ("help", grub_mini_cmd_help,
0, N_("Show this message."));
cmd_dump =
grub_register_command ("dump", grub_mini_cmd_dump,
N_("ADDR [SIZE]"), N_("Show memory contents."));
grub_register_command_lockdown ("dump", grub_mini_cmd_dump,
N_("ADDR [SIZE]"), N_("Show memory contents."));
cmd_rmmod =
grub_register_command ("rmmod", grub_mini_cmd_rmmod,
N_("MODULE"), N_("Remove a module."));