On Thu, Mar 20, 2025 at 06:28:00PM -0500, Andrew Hamilton wrote: > A regression was introduced recently as a part of the series of > filesystem related patches to address some CVEs found in GRUB. > > This issue may cause either an infinite loop at startup when > accessing certain valid NTFS file systems, or may cause a crash > due to a NULL pointer deference on systems where "NULL" address > is invalid (such as may happen when calling grub-mount from > the operating system level). > > Correct this issue by checking that at->attr_cur is within bounds > inside find_attr. > > Fixes: https://savannah.gnu.org/bugs/?66855 > > Co-authored-by: B Horn <b...@horn.uk> > Co-authored-by: Andrew Hamilton <adham...@gmail.com> > Signed-off-by: Andrew Hamilton <adham...@gmail.com>
Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com> Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
