9537f4403d
The get_part_uuid() function made an assumption that the target GRUB device is a partition device and accessed device->disk->partition without checking for NULL. There are four situations where this assumption is problematic: 1. The device is a net device instead of a disk. 2. The device is an abstraction device, like LVM, RAID, or CRYPTO, which is mostly logical "disk" ((lvmid/<UUID>) and so on). 3. Firmware RAID may present the ESP to GRUB as an EFI disk (hd0) device if it is contained within a Linux software RAID. 4. When booting from a CD-ROM, the ESP is a VFAT image indexed by the El Torito boot catalog. The boot device is set to (cd0), corresponding to the CD-ROM image mounted as an ISO 9660 filesystem. As a result, get_part_uuid() could lead to a NULL pointer dereference and trigger a synchronous exception during boot if the ESP falls into one of these categories. This patch fixes the problem by adding the necessary checks to handle cases where the ESP is not a partition device. Additionally, to avoid disrupting the boot process, this patch relaxes the severity of the errors in this context to non-critical. Errors will be logged, but they will not prevent the boot process from continuing. Fixes: e0fa7dc84 (bli: Add a module for the Boot Loader Interface) Signed-off-by: Michael Chang <mchang@suse.com> Reviewed-By: Oliver Steffen <osteffen@redhat.com> Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
This is GRUB 2, the second version of the GRand Unified Bootloader. GRUB 2 is rewritten from scratch to make GNU GRUB cleaner, safer, more robust, more powerful, and more portable. See the file NEWS for a description of recent changes to GRUB 2. See the file INSTALL for instructions on how to build and install the GRUB 2 data and program files. See the file MAINTAINERS for information about the GRUB maintainers, etc. If you found a security vulnerability in the GRUB please check the SECURITY file to get more information how to properly report this kind of bugs to the maintainers. Please visit the official web page of GRUB 2, for more information. The URL is <http://www.gnu.org/software/grub/grub.html>. More extensive documentation is available in the Info manual, accessible using 'info grub' after building and installing GRUB 2. There are a number of important user-visible differences from the first version of GRUB, now known as GRUB Legacy. For a summary, please see: info grub Introduction 'Changes from GRUB Legacy'