projects / grub2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c4a2cba) | patch
commands/pgp: Unregister the "check_signatures" hooks on module unload
authorB Horn <b@horn.uk>
Fri, 1 Nov 2024 19:24:29 +0000 (19:24 +0000)
committerFelix Zielcke <fzielcke@z-51.de>
Wed, 11 Jun 2025 15:42:34 +0000 (17:42 +0200)
commit1ed1ee5e946e38358f429430c195a3e3bb7a4517
tree2d4a2324f1e980fff81c9b8cb2cba56f9f50f052tree | snapshot
parentc4a2cba6104cb5267f7ac0bbc88f47ea5c9efd7acommit | diff
commands/pgp: Unregister the "check_signatures" hooks on module unload

If the hooks are not removed they can be called after the module has
been unloaded leading to an use-after-free.

Fixes: CVE-2025-0622
Reported-by: B Horn <b@horn.uk>
Signed-off-by: B Horn <b@horn.uk>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Gbp-Pq: Topic cve-2025-jan
Gbp-Pq: Name commands-pgp-Unregister-the-check_signatures-hooks-on-mod.patch
grub-core/commands/pgp.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.