projects / grub2.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0d17982) | patch
fs: Disable many filesystems under lockdown
authorDaniel Axtens <dja@axtens.net>
Sat, 23 Mar 2024 05:20:45 +0000 (16:20 +1100)
committerFelix Zielcke <fzielcke@z-51.de>
Wed, 11 Jun 2025 15:42:34 +0000 (17:42 +0200)
commitdc21000bedf1223e4d58bc8be9d943f43f00b0d5
treed5b9c0a7795ed5a11176c11a28ee531b9ee24ac8tree | snapshot
parent0d17982fdd9e6fbd3ea2b75dfceb78b5c275d590commit | diff
fs: Disable many filesystems under lockdown

The idea is to permit the following: btrfs, cpio, exfat, ext, f2fs, fat,
hfsplus, iso9660, squash4, tar, xfs and zfs.

The JFS, ReiserFS, romfs, UDF and UFS security vulnerabilities were
reported by Jonathan Bar Or <jonathanbaror@gmail.com>.

Fixes: CVE-2025-0677
Fixes: CVE-2025-0684
Fixes: CVE-2025-0685
Fixes: CVE-2025-0686
Fixes: CVE-2025-0689
Suggested-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Gbp-Pq: Topic cve-2025-jan
Gbp-Pq: Name fs-Disable-many-filesystems-under-lockdown.patch
grub-core/fs/affs.c diff | blob | history
grub-core/fs/cbfs.c diff | blob | history
grub-core/fs/jfs.c diff | blob | history
grub-core/fs/minix.c diff | blob | history
grub-core/fs/nilfs2.c diff | blob | history
grub-core/fs/ntfs.c diff | blob | history
grub-core/fs/reiserfs.c diff | blob | history
grub-core/fs/romfs.c diff | blob | history
grub-core/fs/sfs.c diff | blob | history
grub-core/fs/udf.c diff | blob | history
grub-core/fs/ufs.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.