[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18
|
From: |
Daniel Kiper |
|
Subject: |
[SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18 |
|
Date: |
Tue, 18 Feb 2025 19:00:29 +0100 |
Hi all,
This patch set contains a bundle of fixes for various security flaws
discovered, as part of a pro-active hardening effort, in the GRUB2 code
recently. The most severe ones, i.e. potentially exploitable, have CVEs
assigned and are listed at the end of this email.
Details of exactly what needs updating will be provided by the respective
distros and vendors when updates become available.
Full mitigation against all CVEs will require updated shim with latest SBAT
(Secure Boot Advanced Targeting) [1] data provided by distros and vendors.
This time UEFI revocation list (dbx) will not be used and revocation of broken
artifacts will be done with SBAT only. For information on how to apply the
latest SBAT revocations, please see mokutil(1). Vendor shims may explicitly
permit known older boot artifacts to boot.
Updated GRUB2, shim and other boot artifacts from all the affected vendors will
be made available when the embargo lifts or some time thereafter.
I am posting all the GRUB2 upstream patches which fix all security bugs found
and reported up until now. Major Linux distros carry or will carry soon one
form or another of these patches. Now all the GRUB2 upstream patches are in
the GRUB2 git repository [2] too.
I would like to thank Nils Langius, B Horn and Jonathan Bar Or for responsible
disclosure and preparation of some patches needed to fix known issues.
Upstream fixing would not be possible without involvement of following people
too:
- Alec Brown (Oracle),
- Daniel Axtens,
- Jan Setje-Eilers (Oracle),
- Lidong Chen (Oracle),
- Marco A Benatto (Red Hat),
- Michael Chang (SUSE),
- Ross Philipson (Oracle).
Thank you for your hard work!
Daniel
[1] https://github.com/rhboot/shim/blob/main/SBAT.md
https://github.com/rhboot/shim/blob/main/Delivering_Sbat_Revocations.md
[2] https://git.savannah.gnu.org/gitweb/?p=grub.git
https://git.savannah.gnu.org/git/grub.git
*******************************************************************************
CVE-2024-45774: reader/jpeg: Heap OOB Write during JPEG parsing
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - 6.7
Extra SOF0 marker in JPEG file may lead to a out-of-bounds write.
An attacker may leverage this by crafting a malicious JPEG file,
leading the grub's JPEG parser to fail the bounds checking in its
internal buffer resulting in a out-of-bounds memory write. The
possibility of overwriting sensitve information in order to bypass
secure boot protections are not discarded.
Reported-by: Nils Langius
*******************************************************************************
CVE-2024-45775: commands/extcmd: Missing check for failed allocation
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H - 5.2
In grub_extcmd_dispatcher() function grub2 calls grub_arg_list_alloc()
to allocate memory for the grub's argument list, however it misses to
check in case the memory allocation failed. Once the allocation failed,
a NULL point will be processed by the parse_option() function leading
grub to crash or in some rare scenarios corrupt the IVT data.
Reported-by: Nils Langius
*******************************************************************************
CVE-2024-45776: grub-core/gettext: Integer overflow leads to Heap OOB Write and
Read
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - 6.7
When reading language .mo file in grub_mofile_open(), grub2 fails to verify to
a integer overflow when allocating its internal buffer. A crafted .mo file may
lead to the buffer size calculation to overflow leading to Out-of-bound reads
and writes. An attacker may leverage this flaw to leak sensitive data or
overwrite critical data possibly leading to the circumvention of secure boot
protections.
Reported-by: Nils Langius
*******************************************************************************
CVE-2024-45777: grub-core/gettext: Integer overflow leads to Heap OOB Write
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - 6.7
The calculation of the translation buffer when reading a language .mo file in
grub_gettext_getstr_from_position() may overflow leading to a Out-of-bound
write. This may be leveraged by an attacker to overwrite senstive grub2's heap
data, eventually leading to the circumvention of secure boot protections
Reported-by: Nils Langius
*******************************************************************************
CVE-2024-45778: fs/bfs: Integer overflow in the BFS parser
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H - 4.1
There's a stack overflow when reading a BFS file system. A crafted BFS
filesystem may lead to a uncontrolled loop causing grub2 to crash
Reported-by: Nils Langius
*******************************************************************************
CVE-2024-45779: fs/bfs: Integer overflow leads to Heap OOB Read (Write?) in the
BFS parser
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N - 4.1
There's an integer overflow in the BFS file system driver. When reading a file
with indirect extent map grub2 fails to validate the number of extent entries
to be read. A crafted or corrupted BFS filesystem may cause a integer overflow
during the file reading, leading to a Heap Ouf-of-Bounds read. As consequence
sensitive data may be leaked or the grub2 to crash.
Reported-by: Nils Langius
*******************************************************************************
CVE-2024-45780: fs/tar: Integer Overflow causes Heap OOB Write
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - 6.7
When reading tar files, grub2 allocates an internal buffer for the file name
however it fails to properly verify the allocation against possible Integer
Overflows. It's possible to cause the allocation length to overflow with
a crafted tar file leading to a head Out-of-bounds write, as consequence an
attacker may leverage this to eventually circumvent secure boot protections.
Reported-by: Nils Langius
*******************************************************************************
CVE-2024-45781: fs/ufs: OOB write in the heap
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - 6.7
When reading a symbolic link's name from a UFS filesystem, grub2 fails to
validate the string length taken as an input. The lack of validation may lead
to a heap Out-of-bounds write, causing data integrity issues and eventually
allowing an attacker to circumvent secure boot protections.
Reported-by: B Horn
*******************************************************************************
CVE-2024-45782: fs/hfs: strcpy() using the volume name (fs/hfs.c:382)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H - 6.7
When reading a HFS volume's name at grub_fs_mount(), the HFS filesystem driver
performs a strcpy() using the user provided volume name as input without proper
validating the volume name's length. This may read to a heap based
Out-of-bounds write, impacting on grub's sensitive data integrity and
eventually leading to secure boot protection bypass.
Reported-by: B Horn
*******************************************************************************
CVE-2024-45783: fs/hfs+: refcount can be decremented twice
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H - 4.4
When failing to mount a HFS+ grub hfsplus filesystem driver doesn't properly
set a ERRNO value. This may lead to a NULL pointer access.
Reported-by: B Horn
*******************************************************************************
CVE-2025-0622: command/gpg: Use-after-free due to hooks not being removed on
module unload
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H - 6.4
In some scenarios hooks created by loaded modules are not being removed when
the related module is being unloaded. An attacker may leverage this by forcing
the grub2 to call the hooks once the module which registered it was unloaded,
leading to a Use-after-free vulnerability. If correctly exploited this
vulnerability may result int Arbitrary Code Execution eventually allowing the
attacker to by-pass secure boot protections.
Reported-by: B Horn
*******************************************************************************
CVE-2025-0624: net: Out-of-bounds write in grub_net_search_config_file()
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H - 7.5
During the network boot process when trying to search for the configuration
file, grub copies data from a user controlled environment variable into an
internal buffer using grub_strcpy() function. During this step it fails to
consider the environment variable length when allocating the internal buffer,
resulting in a out-of-bounds write. If correctly exploited this issue may
result in remote code execution through the same network segment the grub is
searching for the boot information, which can be used to by-pass secure boot
protections.
Reported-by: B Horn
*******************************************************************************
CVE-2025-0677: UFS: Integer overflow may lead to heap based out-of-bounds write
when handling symlinks
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H - 6.4
When performing a symlink lookup the grub's UFS module check the inode's data
size to allocate the internal buffer for reading the file content however it
misses to check if the symlink data size has overflown. If that happens
grub_malloc() may be called with a smaller value than needed, as consequence
when further reading the data from disk into the buffer
grub_ufs_lookup_symlink() function will write past the end of the allocated
size. An attack may leverage that by crafting a malicious filesystem and as
a result it will corrupt data stored in the heap, it's possible that arbitrary
code execution may be achieved through it and to be used to by-pass secure boot
mechanisms.
Reported-by: Jonathan Bar Or
*******************************************************************************
CVE-2025-0678: squash4: Integer overflow may lead to heap based out-of-bounds
write when reading data
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H - 6.4
When reading data from a squash4 filesystem, grub's squash4 fs module uses
user-controlled parameters from the filesystem geometry to determine the
internal buffers size, however it misses to properly check for integer
overflows. A maliciouly crafted filesystem may lead some of those buffer size
calculation to overflow, causing it to perform a grub_malloc() operation with
a smaller size than expected. As a result the direct_read() will perform a heap
based out-of-bounds write during data reading. This flaw may be leveraged to
corrupt grub's internal critical data and may result in arbitrary code
execution by-passing secure boot protections.
Reported-by: Jonathan Bar Or
*******************************************************************************
CVE-2025-0684: reiserfs: Integer overflow when handling symlinks may lead to
heap based out-of-bounds write when reading data
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H - 6.4
When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs
module uses user-controlled parameters from the filesystem geometry to
determine the internal buffers size, however it misses to properly check for
integer overflows. A maliciouly crafted filesystem may lead some of those
buffer size calculation to overflow, causing it to perform a grub_malloc()
operation with a smaller size than expected. As a result the
grub_reiserfs_read_symlink() will call grub_reiserfs_read_real() with
a overflown length parameter leading to a heap based out-of-bounds write during
data reading. This flaw may be leveraged to corrupt grub's internal critical
data and may result in arbitrary code execution by-passing secure boot
protections.
Reported-by: Jonathan Bar Or
*******************************************************************************
CVE-2025-0685: jfs: Integer overflow when handling symlinks may lead to heap
based out-of-bounds write when reading data
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H - 6.4
When reading data from a jfs filesystem, grub's jfs filesystem module uses
user-controlled parameters from the filesystem geometry to determine the
internal buffers size, however it misses to properly check for integer
overflows. A maliciouly crafted filesystem may lead some of those buffer size
calculation to overflow, causing it to perform a grub_malloc() operation with
a smaller size than expected. As a result the grub_jfs_lookup_symlink() function
will write past of the internal buffer length during grub_jfs_read_file(). This
flaw may be leveraged to corrupt grub's internal critical data and may result
in arbitrary code execution by-passing secure boot protections.
Reported-by: Jonathan Bar Or
*******************************************************************************
CVE-2025-0686: romfs: Integer overflow when handling symlinks may lead to heap
based out-of-bounds write when reading data
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H - 6.4
When performing a symlink lookup from a romfs filesystem, grub's romfs
filesystem module uses user-controlled parameters from the filesystem geometry
to determine the internal buffers size, however it misses to properly check for
integer overflows. A maliciouly crafted filesystem may lead some of those
buffer size calculation to overflow, causing it to perform a grub_malloc()
operation with a smaller size than expected. As a result the
grub_romfs_read_symlink() may cause a out-of-bounds writes when calling
grub_disk_read() function. This flaw may be leveraged to corrupt grub's
internal critical data and may result in arbitrary code execution by-passing
secure boot protections.
Reported-by: Jonathan Bar Or
*******************************************************************************
CVE-2025-0689: udf: Heap based buffer overflow in grub_udf_read_block() may
lead to arbitrary code execution
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H - 6.4
When reading data from disk, the grub's UDF filesystem module utilizes the user
controlled data length metadata to allocate its internal buffers. In certain
scenarios, while iterating through disk sectors, it assumes the read size from
the disk is always smaller than the allocated buffer size which is not
guaranteed. A crafted filesystem image may lead to a heap-based buffer overflow
resulting in critical data to be corrupted, resulting in the risk of arbitrary
code execution by-passing secure boot protections.
Reported-by: Jonathan Bar Or
*******************************************************************************
CVE-2025-0690: read: Integer overflow may lead to out-of-bounds write
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H - 6.1
The read command is used to read the keyboard input from the user, while reads
it keeps the input length in a 32-bit integer value which is further used to
reallocate the line buffer to accept the next character. During this process,
with a line big enough it's possible to make this variable to overflow leading
to a out-of-bounds write in the heap based buffer. This flaw may be leveraged
to corrupt grub's internal critical data and secure boot bypass is not
discarded as consequence.
Reported-by: Jonathan Bar Or
*******************************************************************************
CVE-2025-1118: commands/dump: The dump command is not in lockdown when secure
boot is enabled
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N - 4.4
The grub's dump command is not blocked when grub is in lockdown mode. This
allows the user to read any memory information, an attacker may leverage that
in order to extract signatures, salts and other sensitive information from the
memory.
Reported-by: B Horn
Reported-by: Jonathan Bar Or
*******************************************************************************
CVE-2025-1125: fs/hfs: Interger overflow may lead to heap based out-of-bounds
write
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H - 6.4
When reading data from a hfs filesystem, grub's hfs filesystem module uses
user-controlled parameters from the filesystem metadata to calculate the
internal buffers size, however it misses to properly check for integer
overflows. A maliciouly crafted filesystem may lead some of those buffer size
calculation to overflow, causing it to perform a grub_malloc() operation with
a smaller size than expected. As a result the hfsplus_open_compressed_real()
function will write past of the internal buffer length. This flaw may be
leveraged to corrupt grub's internal critical data and may result in arbitrary
code execution by-passing secure boot protections.
Reported-by: Jonathan Bar Or
*******************************************************************************
docs/grub.texi | 30 ++++
grub-core/bus/usb/ehci.c | 2 +-
grub-core/commands/extcmd.c | 3 +
grub-core/commands/hexdump.c | 7 +-
grub-core/commands/ls.c | 6 +-
grub-core/commands/memrw.c | 21 +--
grub-core/commands/minicmd.c | 6 +-
grub-core/commands/pgp.c | 2 +
grub-core/commands/read.c | 19 ++-
grub-core/commands/test.c | 21 ++-
grub-core/disk/ata.c | 4 +-
grub-core/disk/cryptodisk.c | 124 +++++++++++++--
grub-core/disk/diskfilter.c | 9 +-
grub-core/disk/ieee1275/obdisk.c | 49 +++++-
grub-core/disk/ieee1275/ofdisk.c | 64 ++++++--
grub-core/disk/ldm.c | 42 ++++-
grub-core/disk/loopback.c | 18 +++
grub-core/disk/luks2.c | 7 +-
grub-core/disk/lvm.c | 20 ++-
grub-core/disk/memdisk.c | 9 +-
grub-core/disk/plainmount.c | 9 +-
grub-core/fs/affs.c | 10 +-
grub-core/fs/archelp.c | 9 +-
grub-core/fs/bfs.c | 10 +-
grub-core/fs/btrfs.c | 39 ++++-
grub-core/fs/cbfs.c | 10 +-
grub-core/fs/cpio.c | 1 +
grub-core/fs/cpio_be.c | 1 +
grub-core/fs/cpio_common.c | 34 +++-
grub-core/fs/erofs.c | 10 +-
grub-core/fs/ext2.c | 11 +-
grub-core/fs/f2fs.c | 21 ++-
grub-core/fs/fat.c | 1 +
grub-core/fs/hfs.c | 3 +-
grub-core/fs/hfsplus.c | 3 +-
grub-core/fs/hfspluscomp.c | 9 +-
grub-core/fs/iso9660.c | 18 ++-
grub-core/fs/jfs.c | 92 ++++++++---
grub-core/fs/minix.c | 10 +-
grub-core/fs/newc.c | 1 +
grub-core/fs/nilfs2.c | 10 +-
grub-core/fs/ntfs.c | 273 ++++++++++++++++++++++++++++++---
grub-core/fs/ntfscomp.c | 11 +-
grub-core/fs/odc.c | 1 +
grub-core/fs/proc.c | 1 +
grub-core/fs/reiserfs.c | 10 +-
grub-core/fs/romfs.c | 10 +-
grub-core/fs/sfs.c | 13 +-
grub-core/fs/squash4.c | 21 ++-
grub-core/fs/tar.c | 48 ++++--
grub-core/fs/udf.c | 10 +-
grub-core/fs/ufs.c | 12 +-
grub-core/fs/xfs.c | 33 +++-
grub-core/fs/zfs/zfs.c | 87 +++++++++--
grub-core/gettext/gettext.c | 15 +-
grub-core/kern/disk.c | 27 +++-
grub-core/kern/dl.c | 22 ++-
grub-core/kern/file.c | 10 ++
grub-core/kern/main.c | 12 ++
grub-core/kern/misc.c | 9 +-
grub-core/kern/partition.c | 22 ++-
grub-core/loader/i386/bsd.c | 14 +-
grub-core/loader/i386/linux.c | 2 +-
grub-core/net/bootp.c | 16 +-
grub-core/net/dns.c | 13 +-
grub-core/net/drivers/ieee1275/ofnet.c | 20 ++-
grub-core/net/net.c | 93 +++++++++--
grub-core/net/tftp.c | 38 +++--
grub-core/normal/auth.c | 30 ++++
grub-core/normal/main.c | 10 +-
grub-core/normal/menu.c | 5 +-
grub-core/normal/menu_entry.c | 4 +
grub-core/osdep/linux/getroot.c | 3 +
grub-core/script/execute.c | 17 ++
grub-core/video/readers/jpeg.c | 4 +
grub-core/video/readers/png.c | 2 +-
include/grub/auth.h | 1 +
include/grub/cryptodisk.h | 3 +
include/grub/dl.h | 8 +-
include/grub/err.h | 4 +-
include/grub/fs.h | 4 +
include/grub/misc.h | 41 +++++
include/grub/net.h | 13 +-
include/grub/ntfs.h | 25 +++
util/misc.c | 4 +-
85 files changed, 1524 insertions(+), 272 deletions(-)
Alec Brown (10):
disk: Use safe math macros to prevent overflows
disk: Prevent overflows when allocating memory for arrays
disk: Check if returned pointer for allocated memory is NULL
disk/ieee1275/ofdisk: Call grub_ieee1275_close() when grub_malloc() fails
net: Check if returned pointer for allocated memory is NULL
fs/sfs: Check if allocated memory is NULL
bus/usb/ehci: Define GRUB_EHCI_TOGGLE as grub_uint32_t
normal/menu: Use safe math to avoid an integer overflow
loader/i386/linux: Cast left shift to grub_uint32_t
loader/i386/bsd: Use safe math to avoid underflow
B Horn (31):
misc: Implement grub_strlcpy()
fs/ufs: Fix a heap OOB write
fs/hfs: Fix stack OOB write with grub_strcpy()
fs/tar: Initialize name in grub_cpio_find_file()
fs/f2fs: Set a grub_errno if mount fails
fs/hfsplus: Set a grub_errno if mount fails
fs/iso9660: Set a grub_errno if mount fails
fs/ntfs: Track the end of the MFT attribute buffer
fs/ntfs: Use a helper function to access attributes
fs/ntfs: Implement attribute verification
fs/xfs: Ensuring failing to mount sets a grub_errno
kern/file: Ensure file->data is set
kern/file: Implement filesystem reference counting
disk/loopback: Reference tracking for the loopback
kern/disk: Limit recursion depth
kern/partition: Limit recursion in part_iterate()
script/execute: Limit the recursion depth
net: Unregister net_default_ip and net_default_mac variables hooks on
unload
net: Remove variables hooks when interface is unregisted
net: Fix OOB write in grub_net_search_config_file()
net/tftp: Fix stack buffer overflow in tftp_open()
kern/dl: Fix for an integer overflow in grub_dl_ref()
kern/dl: Use correct segment in grub_dl_set_mem_attrs()
kern/dl: Check for the SHF_INFO_LINK flag in grub_dl_relocate_symbols()
commands/ls: Fix NULL dereference
commands/pgp: Unregister the "check_signatures" hooks on module unload
normal: Remove variables hooks on module unload
gettext: Remove variables hooks on module unload
commands/minicmd: Block the dump command in lockdown mode
commands/memrw: Disable memory reading in lockdown mode
commands/hexdump: Disable memory reading in lockdown mode
Daniel Axtens (3):
video/readers/jpeg: Do not permit duplicate SOF0 markers in JPEG
fs/bfs: Disable under lockdown
fs: Disable many filesystems under lockdown
Jonathan Bar Or (1):
commands/read: Fix an integer overflow when supplying more than 2^31
characters
Lidong Chen (23):
fs/tar: Integer overflow leads to heap OOB write
fs/jfs: Fix OOB read in jfs_getent()
fs/jfs: Fix OOB read caused by invalid dir slot index
fs/jfs: Use full 40 bits offset and address for a data extent
fs/jfs: Inconsistent signed/unsigned types usage in return values
commands/extcmd: Missing check for failed allocation
gettext: Integer overflow leads to heap OOB write or read
gettext: Integer overflow leads to heap OOB write
commands/test: Stack overflow due to unlimited recursion depth
fs: Use safe math macros to prevent overflows
fs: Prevent overflows when allocating memory for arrays
fs: Prevent overflows when assigning returned values from read_number()
fs/zfs: Use safe math macros to prevent overflows
fs/zfs: Prevent overflows when allocating memory for arrays
fs/zfs: Check if returned pointer for allocated memory is NULL
fs/zfs: Add missing NULL check after grub_strdup() call
net: Use safe math macros to prevent overflows
net: Prevent overflows when allocating memory for arrays
script/execute: Fix potential underflow and NULL dereference
osdep/unix/getroot: Fix potential underflow
misc: Ensure consistent overflow error messages
kern/partition: Add sanity check after grub_strtoul() call
kern/misc: Add sanity check after grub_strtoul() call
Michael Chang (5):
fs/iso9660: Fix invalid free
fs/ext2: Fix out-of-bounds read for inline extents
fs/ntfs: Fix out-of-bounds read
fs/xfs: Fix out-of-bounds read
disk/cryptodisk: Require authentication after TPM unlock for CLI access
- [SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18,
Daniel Kiper <=
- [SECURITY PATCH 02/73] fs/ufs: Fix a heap OOB write, Daniel Kiper, 2025/02/18
- [SECURITY PATCH 03/73] fs/hfs: Fix stack OOB write with grub_strcpy(), Daniel Kiper, 2025/02/18
- [SECURITY PATCH 01/73] misc: Implement grub_strlcpy(), Daniel Kiper, 2025/02/18
- [SECURITY PATCH 04/73] fs/tar: Initialize name in grub_cpio_find_file(), Daniel Kiper, 2025/02/18
- [SECURITY PATCH 05/73] fs/tar: Integer overflow leads to heap OOB write, Daniel Kiper, 2025/02/18
- [SECURITY PATCH 06/73] fs/f2fs: Set a grub_errno if mount fails, Daniel Kiper, 2025/02/18
- [SECURITY PATCH 07/73] fs/hfsplus: Set a grub_errno if mount fails, Daniel Kiper, 2025/02/18
- [SECURITY PATCH 08/73] fs/iso9660: Set a grub_errno if mount fails, Daniel Kiper, 2025/02/18
- [SECURITY PATCH 09/73] fs/iso9660: Fix invalid free, Daniel Kiper, 2025/02/18
- [SECURITY PATCH 10/73] fs/jfs: Fix OOB read in jfs_getent(), Daniel Kiper, 2025/02/18