| Message ID | 20260224042919.7049-1-hprajapati@mvista.com |
|---|---|
| State | Changes Requested |
| Delegated to: | Yoann Congal |
| Headers | show |
| Series | [kirkstone,PATCHv2] grub: fix CVE-2025-54770 | expand |
On Tue Feb 24, 2026 at 5:29 AM CET, Hitendra Prajapati via lists.openembedded.org wrote: > References: > https://nvd.nist.gov/vuln/detail/CVE-2025-54770 This patch is not in this NVD page. You need to provide a way to quickly check why the patch you add is the right one. > > Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> > --- > .../grub/files/CVE-2025-54770-01.patch | 138 ++++++++++++++++++ > .../grub/files/CVE-2025-54770-02.patch | 39 +++++ > meta/recipes-bsp/grub/grub2.inc | 2 + > 3 files changed, 179 insertions(+) > create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-54770-01.patch > create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-54770-02.patch > > diff --git a/meta/recipes-bsp/grub/files/CVE-2025-54770-01.patch b/meta/recipes-bsp/grub/files/CVE-2025-54770-01.patch > new file mode 100644 > index 0000000000..ea749fc8f6 > --- /dev/null > +++ b/meta/recipes-bsp/grub/files/CVE-2025-54770-01.patch > @@ -0,0 +1,138 @@ > +From 954c48b9c833d64b74ced1f27701af2ea5c6f55a Mon Sep 17 00:00:00 2001 > +From: Chad Kimes <chkimes@github.com> > +Date: Mon, 21 Mar 2022 17:29:16 -0400 > +Subject: [PATCH] net/net: Add net_set_vlan command > + > +Previously there was no way to set the 802.1Q VLAN identifier, despite > +support for vlantag in the net module. The only location vlantag was > +being populated was from PXE boot and only for Open Firmware hardware. > +This commit allows users to manually configure VLAN information for any > +interface. > + > +Example usage: > + grub> net_ls_addr > + efinet1 00:11:22:33:44:55 192.0.2.100 > + grub> net_set_vlan efinet1 100 > + grub> net_ls_addr > + efinet1 00:11:22:33:44:55 192.0.2.100 vlan100 > + grub> net_set_vlan efinet1 0 > + efinet1 00:11:22:33:44:55 192.0.2.100 > + > +Signed-off-by: Chad Kimes <chkimes@github.com> > +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> > + > +CVE: CVE-2025-54770 > +Upstream-Status: Backport [https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=954c48b9c833d64b74ced1f27701af2ea5c6f55a] > +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> > +--- > + docs/grub.texi | 20 ++++++++++++++++++++ > + grub-core/net/net.c | 41 ++++++++++++++++++++++++++++++++++++++++- > + 2 files changed, 60 insertions(+), 1 deletion(-) > + > +diff --git a/docs/grub.texi b/docs/grub.texi > +index f8b4b3b..f7fc6d7 100644 > +--- a/docs/grub.texi > ++++ b/docs/grub.texi > +@@ -5493,6 +5493,7 @@ This command is only available on AArch64 systems. > + * net_ls_dns:: List DNS servers > + * net_ls_routes:: List routing entries > + * net_nslookup:: Perform a DNS lookup > ++* net_set_vlan:: Set vlan id on an interface > + @end menu > + > + > +@@ -5669,6 +5670,25 @@ is given, use default list of servers. > + @end deffn > + > + > ++@node net_set_vlan > ++@subsection net_set_vlan > ++ > ++@deffn Command net_set_vlan @var{interface} @var{vlanid} > ++Set the 802.1Q VLAN identifier on @var{interface} to @var{vlanid}. For example, > ++to set the VLAN identifier on interface @samp{efinet1} to @samp{100}: > ++ > ++@example > ++net_set_vlan efinet1 100 > ++@end example > ++ > ++The VLAN identifier can be removed by setting it to @samp{0}: > ++ > ++@example > ++net_set_vlan efinet1 0 > ++@end example > ++@end deffn > ++ > ++ > + @node Internationalisation > + @chapter Internationalisation > + > +diff --git a/grub-core/net/net.c b/grub-core/net/net.c > +index ec7f01c..03ede6d 100644 > +--- a/grub-core/net/net.c > ++++ b/grub-core/net/net.c > +@@ -1162,6 +1162,42 @@ grub_cmd_addroute (struct grub_command *cmd __attribute__ ((unused)), > + } > + } > + > ++static grub_err_t > ++grub_cmd_setvlan (struct grub_command *cmd __attribute__ ((unused)), > ++ int argc, char **args) > ++{ > ++ const char *vlan_string, *vlan_string_end; > ++ unsigned long vlantag; > ++ struct grub_net_network_level_interface *inter; > ++ > ++ if (argc != 2) > ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("two arguments expected")); > ++ > ++ vlan_string = args[1]; > ++ vlantag = grub_strtoul (vlan_string, &vlan_string_end, 10); > ++ > ++ if (*vlan_string == '\0' || *vlan_string_end != '\0') > ++ return grub_error (GRUB_ERR_BAD_NUMBER, > ++ N_("non-numeric or invalid number `%s'"), vlan_string); > ++ > ++ if (vlantag > 4094) > ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, > ++ N_("vlan id `%s' not in the valid range of 0-4094"), > ++ vlan_string); > ++ > ++ FOR_NET_NETWORK_LEVEL_INTERFACES (inter) > ++ { > ++ if (grub_strcmp (inter->name, args[0]) != 0) > ++ continue; > ++ > ++ inter->vlantag = vlantag; > ++ return GRUB_ERR_NONE; > ++ } > ++ > ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, > ++ N_("network interface not found")); > ++} > ++ > + static void > + print_net_address (const grub_net_network_level_netaddress_t *target) > + { > +@@ -1876,7 +1912,7 @@ grub_net_search_config_file (char *config, grub_size_t config_buf_len) > + static struct grub_preboot *fini_hnd; > + > + static grub_command_t cmd_addaddr, cmd_deladdr, cmd_addroute, cmd_delroute; > +-static grub_command_t cmd_lsroutes, cmd_lscards; > ++static grub_command_t cmd_setvlan, cmd_lsroutes, cmd_lscards; > + static grub_command_t cmd_lsaddr, cmd_slaac; > + > + GRUB_MOD_INIT(net) > +@@ -1914,6 +1950,9 @@ GRUB_MOD_INIT(net) > + cmd_delroute = grub_register_command ("net_del_route", grub_cmd_delroute, > + N_("SHORTNAME"), > + N_("Delete a network route.")); > ++ cmd_setvlan = grub_register_command ("net_set_vlan", grub_cmd_setvlan, > ++ N_("SHORTNAME VLANID"), > ++ N_("Set an interface's vlan id.")); > + cmd_lsroutes = grub_register_command ("net_ls_routes", grub_cmd_listroutes, > + "", N_("list network routes")); > + cmd_lscards = grub_register_command ("net_ls_cards", grub_cmd_listcards, > +-- > +2.50.1 > + > diff --git a/meta/recipes-bsp/grub/files/CVE-2025-54770-02.patch b/meta/recipes-bsp/grub/files/CVE-2025-54770-02.patch > new file mode 100644 > index 0000000000..bc56997726 > --- /dev/null > +++ b/meta/recipes-bsp/grub/files/CVE-2025-54770-02.patch > @@ -0,0 +1,39 @@ > +From 10e58a14db20e17d1b6a39abe38df01fef98e29d Mon Sep 17 00:00:00 2001 > +From: Thomas Frauendorfer | Miray Software <tf@miray.de> > +Date: Fri, 9 May 2025 14:20:47 +0200 > +Subject: [PATCH] net/net: Unregister net_set_vlan command on unload > + > +The commit 954c48b9c (net/net: Add net_set_vlan command) added command > +net_set_vlan to the net module. Unfortunately the commit only added the > +grub_register_command() call on module load but missed the > +grub_unregister_command() on unload. Let's fix this. > + > +Fixes: CVE-2025-54770 > +Fixes: 954c48b9c (net/net: Add net_set_vlan command) > + > +Reported-by: Thomas Frauendorfer | Miray Software <tf@miray.de> > +Signed-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de> > +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> > + > +CVE: CVE-2025-54770 > +Upstream-Status: Backport [https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=patch;h=10e58a14db20e17d1b6a39abe38df01fef98e29d] > +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> > +--- > + grub-core/net/net.c | 1 + > + 1 file changed, 1 insertion(+) > + > +diff --git a/grub-core/net/net.c b/grub-core/net/net.c > +index 03ede6d..e66d192 100644 > +--- a/grub-core/net/net.c > ++++ b/grub-core/net/net.c > +@@ -1980,6 +1980,7 @@ GRUB_MOD_FINI(net) > + grub_unregister_command (cmd_deladdr); > + grub_unregister_command (cmd_addroute); > + grub_unregister_command (cmd_delroute); > ++ grub_unregister_command (cmd_setvlan); > + grub_unregister_command (cmd_lsroutes); > + grub_unregister_command (cmd_lscards); > + grub_unregister_command (cmd_lsaddr); > +-- > +2.50.1 > + > diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc > index 4744e26693..b21afe34f7 100644 > --- a/meta/recipes-bsp/grub/grub2.inc > +++ b/meta/recipes-bsp/grub/grub2.inc > @@ -63,6 +63,8 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ > file://CVE-2025-61661.patch \ > file://CVE-2025-61662.patch \ > file://CVE-2025-61663_61664.patch \ > + file://CVE-2025-54770-01.patch \ > + file://CVE-2025-54770-02.patch \ > " > > SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
diff --git a/meta/recipes-bsp/grub/files/CVE-2025-54770-01.patch b/meta/recipes-bsp/grub/files/CVE-2025-54770-01.patch new file mode 100644 index 0000000000..ea749fc8f6 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-54770-01.patch @@ -0,0 +1,138 @@ +From 954c48b9c833d64b74ced1f27701af2ea5c6f55a Mon Sep 17 00:00:00 2001 +From: Chad Kimes <chkimes@github.com> +Date: Mon, 21 Mar 2022 17:29:16 -0400 +Subject: [PATCH] net/net: Add net_set_vlan command + +Previously there was no way to set the 802.1Q VLAN identifier, despite +support for vlantag in the net module. The only location vlantag was +being populated was from PXE boot and only for Open Firmware hardware. +This commit allows users to manually configure VLAN information for any +interface. + +Example usage: + grub> net_ls_addr + efinet1 00:11:22:33:44:55 192.0.2.100 + grub> net_set_vlan efinet1 100 + grub> net_ls_addr + efinet1 00:11:22:33:44:55 192.0.2.100 vlan100 + grub> net_set_vlan efinet1 0 + efinet1 00:11:22:33:44:55 192.0.2.100 + +Signed-off-by: Chad Kimes <chkimes@github.com> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +CVE: CVE-2025-54770 +Upstream-Status: Backport [https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=954c48b9c833d64b74ced1f27701af2ea5c6f55a] +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + docs/grub.texi | 20 ++++++++++++++++++++ + grub-core/net/net.c | 41 ++++++++++++++++++++++++++++++++++++++++- + 2 files changed, 60 insertions(+), 1 deletion(-) + +diff --git a/docs/grub.texi b/docs/grub.texi +index f8b4b3b..f7fc6d7 100644 +--- a/docs/grub.texi ++++ b/docs/grub.texi +@@ -5493,6 +5493,7 @@ This command is only available on AArch64 systems. + * net_ls_dns:: List DNS servers + * net_ls_routes:: List routing entries + * net_nslookup:: Perform a DNS lookup ++* net_set_vlan:: Set vlan id on an interface + @end menu + + +@@ -5669,6 +5670,25 @@ is given, use default list of servers. + @end deffn + + ++@node net_set_vlan ++@subsection net_set_vlan ++ ++@deffn Command net_set_vlan @var{interface} @var{vlanid} ++Set the 802.1Q VLAN identifier on @var{interface} to @var{vlanid}. For example, ++to set the VLAN identifier on interface @samp{efinet1} to @samp{100}: ++ ++@example ++net_set_vlan efinet1 100 ++@end example ++ ++The VLAN identifier can be removed by setting it to @samp{0}: ++ ++@example ++net_set_vlan efinet1 0 ++@end example ++@end deffn ++ ++ + @node Internationalisation + @chapter Internationalisation + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index ec7f01c..03ede6d 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -1162,6 +1162,42 @@ grub_cmd_addroute (struct grub_command *cmd __attribute__ ((unused)), + } + } + ++static grub_err_t ++grub_cmd_setvlan (struct grub_command *cmd __attribute__ ((unused)), ++ int argc, char **args) ++{ ++ const char *vlan_string, *vlan_string_end; ++ unsigned long vlantag; ++ struct grub_net_network_level_interface *inter; ++ ++ if (argc != 2) ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, N_("two arguments expected")); ++ ++ vlan_string = args[1]; ++ vlantag = grub_strtoul (vlan_string, &vlan_string_end, 10); ++ ++ if (*vlan_string == '\0' || *vlan_string_end != '\0') ++ return grub_error (GRUB_ERR_BAD_NUMBER, ++ N_("non-numeric or invalid number `%s'"), vlan_string); ++ ++ if (vlantag > 4094) ++ return grub_error (GRUB_ERR_OUT_OF_RANGE, ++ N_("vlan id `%s' not in the valid range of 0-4094"), ++ vlan_string); ++ ++ FOR_NET_NETWORK_LEVEL_INTERFACES (inter) ++ { ++ if (grub_strcmp (inter->name, args[0]) != 0) ++ continue; ++ ++ inter->vlantag = vlantag; ++ return GRUB_ERR_NONE; ++ } ++ ++ return grub_error (GRUB_ERR_BAD_ARGUMENT, ++ N_("network interface not found")); ++} ++ + static void + print_net_address (const grub_net_network_level_netaddress_t *target) + { +@@ -1876,7 +1912,7 @@ grub_net_search_config_file (char *config, grub_size_t config_buf_len) + static struct grub_preboot *fini_hnd; + + static grub_command_t cmd_addaddr, cmd_deladdr, cmd_addroute, cmd_delroute; +-static grub_command_t cmd_lsroutes, cmd_lscards; ++static grub_command_t cmd_setvlan, cmd_lsroutes, cmd_lscards; + static grub_command_t cmd_lsaddr, cmd_slaac; + + GRUB_MOD_INIT(net) +@@ -1914,6 +1950,9 @@ GRUB_MOD_INIT(net) + cmd_delroute = grub_register_command ("net_del_route", grub_cmd_delroute, + N_("SHORTNAME"), + N_("Delete a network route.")); ++ cmd_setvlan = grub_register_command ("net_set_vlan", grub_cmd_setvlan, ++ N_("SHORTNAME VLANID"), ++ N_("Set an interface's vlan id.")); + cmd_lsroutes = grub_register_command ("net_ls_routes", grub_cmd_listroutes, + "", N_("list network routes")); + cmd_lscards = grub_register_command ("net_ls_cards", grub_cmd_listcards, +-- +2.50.1 + diff --git a/meta/recipes-bsp/grub/files/CVE-2025-54770-02.patch b/meta/recipes-bsp/grub/files/CVE-2025-54770-02.patch new file mode 100644 index 0000000000..bc56997726 --- /dev/null +++ b/meta/recipes-bsp/grub/files/CVE-2025-54770-02.patch @@ -0,0 +1,39 @@ +From 10e58a14db20e17d1b6a39abe38df01fef98e29d Mon Sep 17 00:00:00 2001 +From: Thomas Frauendorfer | Miray Software <tf@miray.de> +Date: Fri, 9 May 2025 14:20:47 +0200 +Subject: [PATCH] net/net: Unregister net_set_vlan command on unload + +The commit 954c48b9c (net/net: Add net_set_vlan command) added command +net_set_vlan to the net module. Unfortunately the commit only added the +grub_register_command() call on module load but missed the +grub_unregister_command() on unload. Let's fix this. + +Fixes: CVE-2025-54770 +Fixes: 954c48b9c (net/net: Add net_set_vlan command) + +Reported-by: Thomas Frauendorfer | Miray Software <tf@miray.de> +Signed-off-by: Thomas Frauendorfer | Miray Software <tf@miray.de> +Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com> + +CVE: CVE-2025-54770 +Upstream-Status: Backport [https://gitweb.git.savannah.gnu.org/gitweb/?p=grub.git;a=patch;h=10e58a14db20e17d1b6a39abe38df01fef98e29d] +Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> +--- + grub-core/net/net.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/grub-core/net/net.c b/grub-core/net/net.c +index 03ede6d..e66d192 100644 +--- a/grub-core/net/net.c ++++ b/grub-core/net/net.c +@@ -1980,6 +1980,7 @@ GRUB_MOD_FINI(net) + grub_unregister_command (cmd_deladdr); + grub_unregister_command (cmd_addroute); + grub_unregister_command (cmd_delroute); ++ grub_unregister_command (cmd_setvlan); + grub_unregister_command (cmd_lsroutes); + grub_unregister_command (cmd_lscards); + grub_unregister_command (cmd_lsaddr); +-- +2.50.1 + diff --git a/meta/recipes-bsp/grub/grub2.inc b/meta/recipes-bsp/grub/grub2.inc index 4744e26693..b21afe34f7 100644 --- a/meta/recipes-bsp/grub/grub2.inc +++ b/meta/recipes-bsp/grub/grub2.inc @@ -63,6 +63,8 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \ file://CVE-2025-61661.patch \ file://CVE-2025-61662.patch \ file://CVE-2025-61663_61664.patch \ + file://CVE-2025-54770-01.patch \ + file://CVE-2025-54770-02.patch \ " SRC_URI[sha256sum] = "23b64b4c741569f9426ed2e3d0e6780796fca081bee4c99f62aa3f53ae803f5f"
References: https://nvd.nist.gov/vuln/detail/CVE-2025-54770 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> --- .../grub/files/CVE-2025-54770-01.patch | 138 ++++++++++++++++++ .../grub/files/CVE-2025-54770-02.patch | 39 +++++ meta/recipes-bsp/grub/grub2.inc | 2 + 3 files changed, 179 insertions(+) create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-54770-01.patch create mode 100644 meta/recipes-bsp/grub/files/CVE-2025-54770-02.patch