
[kirkstone] grub: fix CVE-2025-54770

Message ID 20260128050900.112191-1-hprajapati@mvista.com
State New

Commit Message

Hitendra Prajapati Jan. 28, 2026, 5:09 a.m. UTC
Upstream-Status: Backport from https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=954c48b9c833d64b74ced1f27701af2ea5c6f55a && https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=patch;h=10e58a14db20e17d1b6a39abe38df01fef98e29d

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
---
 .../grub/files/CVE-2025-54770-01.patch        | 138 ++++++++++++++++++
 .../grub/files/CVE-2025-54770-02.patch        |  39 +++++
 meta/recipes-bsp/grub/grub2.inc               |   2 +
 3 files changed, 179 insertions(+)
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-54770-01.patch
 create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-54770-02.patch

Patch

diff --git a/meta/recipes-bsp/grub/files/CVE-2025-54770-01.patch b/meta/recipes-bsp/grub/files/CVE-2025-54770-01.patch
new file mode 100644
index 0000000000..ea749fc8f6
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-54770-01.patch
@@ -0,0 +1,138 @@ 
+From 954c48b9c833d64b74ced1f27701af2ea5c6f55a Mon Sep 17 00:00:00 2001
+From: Chad Kimes <chkimes@github.com>
+Date: Mon, 21 Mar 2022 17:29:16 -0400
+Subject: [PATCH] net/net: Add net_set_vlan command
+
+Previously there was no way to set the 802.1Q VLAN identifier, despite
+support for vlantag in the net module. The only location vlantag was
+being populated was from PXE boot and only for Open Firmware hardware.
+This commit allows users to manually configure VLAN information for any
+interface.
+
+Example usage:
+  grub> net_ls_addr
+  efinet1 00:11:22:33:44:55 192.0.2.100
+  grub> net_set_vlan efinet1 100
+  grub> net_ls_addr
+  efinet1 00:11:22:33:44:55 192.0.2.100 vlan100
+  grub> net_set_vlan efinet1 0
+  efinet1 00:11:22:33:44:55 192.0.2.100
+
+Signed-off-by: Chad Kimes <chkimes@github.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2025-54770
+Upstream-Status: Backport [https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=954c48b9c833d64b74ced1f27701af2ea5c6f55a]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ docs/grub.texi      | 20 ++++++++++++++++++++
+ grub-core/net/net.c | 41 ++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 60 insertions(+), 1 deletion(-)
+
+diff --git a/docs/grub.texi b/docs/grub.texi
+index f8b4b3b..f7fc6d7 100644
+--- a/docs/grub.texi
++++ b/docs/grub.texi
+@@ -5493,6 +5493,7 @@ This command is only available on AArch64 systems.
+ * net_ls_dns::                  List DNS servers
+ * net_ls_routes::               List routing entries
+ * net_nslookup::                Perform a DNS lookup
++* net_set_vlan::                Set vlan id on an interface
+ @end menu
+ 
+ 
+@@ -5669,6 +5670,25 @@ is given, use default list of servers.
+ @end deffn
+ 
+ 
++@node net_set_vlan
++@subsection net_set_vlan
++
++@deffn Command net_set_vlan @var{interface} @var{vlanid}
++Set the 802.1Q VLAN identifier on @var{interface} to @var{vlanid}. For example,
++to set the VLAN identifier on interface @samp{efinet1} to @samp{100}:
++
++@example
++net_set_vlan efinet1 100
++@end example
++
++The VLAN identifier can be removed by setting it to @samp{0}:
++
++@example
++net_set_vlan efinet1 0
++@end example
++@end deffn
++
++
+ @node Internationalisation
+ @chapter Internationalisation
+ 
+diff --git a/grub-core/net/net.c b/grub-core/net/net.c
+index ec7f01c..03ede6d 100644
+--- a/grub-core/net/net.c
++++ b/grub-core/net/net.c
+@@ -1162,6 +1162,42 @@ grub_cmd_addroute (struct grub_command *cmd __attribute__ ((unused)),
+     }
+ }
+ 
++static grub_err_t
++grub_cmd_setvlan (struct grub_command *cmd __attribute__ ((unused)),
++		  int argc, char **args)
++{
++  const char *vlan_string, *vlan_string_end;
++  unsigned long vlantag;
++  struct grub_net_network_level_interface *inter;
++
++  if (argc != 2)
++    return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("two arguments expected"));
++
++  vlan_string = args[1];
++  vlantag = grub_strtoul (vlan_string, &vlan_string_end, 10);
++
++  if (*vlan_string == '\0' || *vlan_string_end != '\0')
++    return grub_error (GRUB_ERR_BAD_NUMBER,
++		       N_("non-numeric or invalid number `%s'"), vlan_string);
++
++  if (vlantag > 4094)
++    return grub_error (GRUB_ERR_OUT_OF_RANGE,
++		       N_("vlan id `%s' not in the valid range of 0-4094"),
++		       vlan_string);
++
++  FOR_NET_NETWORK_LEVEL_INTERFACES (inter)
++    {
++      if (grub_strcmp (inter->name, args[0]) != 0)
++	continue;
++
++      inter->vlantag = vlantag;
++      return GRUB_ERR_NONE;
++    }
++
++  return grub_error (GRUB_ERR_BAD_ARGUMENT,
++                     N_("network interface not found"));
++}
++
+ static void
+ print_net_address (const grub_net_network_level_netaddress_t *target)
+ {
+@@ -1876,7 +1912,7 @@ grub_net_search_config_file (char *config, grub_size_t config_buf_len)
+ static struct grub_preboot *fini_hnd;
+ 
+ static grub_command_t cmd_addaddr, cmd_deladdr, cmd_addroute, cmd_delroute;
+-static grub_command_t cmd_lsroutes, cmd_lscards;
++static grub_command_t cmd_setvlan, cmd_lsroutes, cmd_lscards;
+ static grub_command_t cmd_lsaddr, cmd_slaac;
+ 
+ GRUB_MOD_INIT(net)
+@@ -1914,6 +1950,9 @@ GRUB_MOD_INIT(net)
+   cmd_delroute = grub_register_command ("net_del_route", grub_cmd_delroute,
+ 					N_("SHORTNAME"),
+ 					N_("Delete a network route."));
++  cmd_setvlan = grub_register_command ("net_set_vlan", grub_cmd_setvlan,
++				       N_("SHORTNAME VLANID"),
++				       N_("Set an interface's vlan id."));
+   cmd_lsroutes = grub_register_command ("net_ls_routes", grub_cmd_listroutes,
+ 					"", N_("list network routes"));
+   cmd_lscards = grub_register_command ("net_ls_cards", grub_cmd_listcards,
+-- 
+2.50.1
+
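Review bot: CVE-2025-54770-01.patch is a feature backport rather than a fix: it adds `grub_cmd_setvlan` and the `grub_register_command ("net_set_vlan", ...)` call in GRUB_MOD_INIT, and its own commit message says no such command existed before. The tree this series applies to therefore appears not to contain the code CVE-2025-54770 is about, which is the missing `grub_unregister_command (cmd_setvlan)` that CVE-2025-54770-02.patch adds. Carrying 01 puts a new command handler into the bootloader only so that 02 can unregister it, and the `CVE:` tag on 01 makes scanners record a fix for a defect that was likely never present. If the base version is indeed unaffected, it would be smaller and more accurate to drop both patches and the two `SRC_URI` lines in grub2.inc, and instead add an ignore entry such as `CVE_CHECK_IGNORE += "CVE-2025-54770"` with a comment naming commit 954c48b9c as the change that introduced the issue.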
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-54770-02.patch b/meta/recipes-bsp/grub/files/CVE-2025-54770-02.patch
new file mode 100644
index 0000000000..bc56997726
--- /dev/null
+++ b/meta/recipes-bsp/grub/files/CVE-2025-54770-02.patch
@@ -0,0 +1,39 @@ 
+From 10e58a14db20e17d1b6a39abe38df01fef98e29d Mon Sep 17 00:00:00 2001
+From: Thomas Frauendorfer | Miray Software <tf@miray.de>
+Date: Fri, 9 May 2025 14:20:47 +0200
+Subject: [PATCH] net/net: Unregister net_set_vlan command on unload
+
+The commit 954c48b9c (net/net: Add net_set_vlan command) added command
+net_set_vlan to the net module. Unfortunately the commit only added the
+grub_register_command() call on module load but missed the
+grub_unregister_command() on unload. Let's fix this.
+
+Fixes: CVE-2025-54770
+Fixes: 954c48b9c (net/net: Add net_set_vlan command)
+
+Reported-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
+Signed-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+CVE: CVE-2025-54770
+Upstream-Status: Backport [https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=patch;h=10e58a14db20e17d1b6a39abe38df01fef98e29d]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ grub-core/net/net.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/grub-core/net/net.c b/grub-core/net/net.c
+index 03ede6d..e66d192 100644
+--- a/grub-core/net/net.c
++++ b/grub-core/net/net.c
+@@ -1980,6 +1980,7 @@ GRUB_MOD_FINI(net)
+   grub_unregister_command (cmd_deladdr);
+   grub_unregister_command (cmd_addroute);
+   grub_unregister_command (cmd_delroute);
++  grub_unregister_command (cmd_setvlan);
+   grub_unregister_command (cmd_lsroutes);
+   grub_unregister_command (cmd_lscards);
+   grub_unregister_command (cmd_lsaddr);
+-- 
+2.50.1
+
diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc
index 4744e26693..b21afe34f7 100644
--- a/meta/recipes-bsp/grub/grub2.inc
+++ b/meta/recipes-bsp/grub/grub2.inc
@@ -63,6 +63,8 @@  SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
            file://CVE-2025-61661.patch \
            file://CVE-2025-61662.patch \
            file://CVE-2025-61663_61664.patch \
+           file://CVE-2025-54770-01.patch \
+           file://CVE-2025-54770-02.patch \
 "
 
 SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"