CVE-2024-26678
Description
In the Linux kernel, the following vulnerability has been resolved:

x86/efistub: Use 1:1 file:memory mapping for PE/COFF .compat section

The .compat section is a dummy PE section that contains the address of the 32-bit entrypoint of the 64-bit kernel image if it is bootable from 32-bit firmware (i.e., CONFIG_EFI_MIXED=y).

This section is only 8 bytes in size and is only referenced from the loader, and so it is placed at the end of the memory view of the image, to avoid the need for padding it to 4k, which is required for sections appearing in the middle of the image.

Unfortunately, this violates the PE/COFF spec, and even if most EFI loaders will work correctly (including the Tianocore reference implementation), PE loaders do exist that reject such images, on the basis that both the file and memory views of the file contents should be described by the section headers in a monotonically increasing manner without leaving any gaps.

So reorganize the sections to avoid this issue. This results in a slight padding overhead (< 4k) which can be avoided if desired by disabling CONFIG_EFI_MIXED (which is only needed in rare cases these days).
POC
Reference
No PoCs from references.