On Thu, Mar 20, 2025 at 06:28:00PM -0500, Andrew Hamilton wrote: > A regression was introduced recently as a part of the series of > filesystem related patches to address some CVEs found in GRUB. > > This issue may cause either an infinite loop at startup when > accessing certain valid NTFS file systems, or may cause a crash > due to a NULL pointer deference on systems where "NULL" address > is invalid (such as may happen when calling grub-mount from > the operating system level). > > Correct this issue by checking that at->attr_cur is within bounds > inside find_attr. > > Fixes: https://savannah.gnu.org/bugs/?66855 > > Co-authored-by: B Horn <[email protected]> > Co-authored-by: Andrew Hamilton <[email protected]> > Signed-off-by: Andrew Hamilton <[email protected]>
Reviewed-by: Daniel Kiper <[email protected]> Daniel _______________________________________________ Grub-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/grub-devel
