aboutsummaryrefslogtreecommitdiff
path: root/website/static/security/advisories/FreeBSD-EN-22:27.loader.asc
diff options
context:
space:
mode:
Diffstat (limited to 'website/static/security/advisories/FreeBSD-EN-22:27.loader.asc')
-rw-r--r--website/static/security/advisories/FreeBSD-EN-22:27.loader.asc127
1 files changed, 127 insertions, 0 deletions
diff --git a/website/static/security/advisories/FreeBSD-EN-22:27.loader.asc b/website/static/security/advisories/FreeBSD-EN-22:27.loader.asc
new file mode 100644
index 0000000000..bfbb585e38
--- /dev/null
+++ b/website/static/security/advisories/FreeBSD-EN-22:27.loader.asc
@@ -0,0 +1,127 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-22:27.loader Errata Notice
+ The FreeBSD Project
+
+Topic: UEFI loader failing to boot older amd64 kernels
+
+Category: core
+Module: loader
+Announced: 2022-11-01
+Affects: FreeBSD 13.1
+Corrected: 2022-10-14 03:06:13 UTC (stable/13, 13.1-STABLE)
+ 2022-11-01 18:03:25 UTC (releng/13.1, 13.1-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:https://security.FreeBSD.org/>.
+
+I. Background
+
+The UEFI loader is the first stage of the FreeBSD boot process on UEFI systems.
+Loader is responsible for loading the boot configuration, kernel and modules,
+and handing control off to the kernel.
+
+II. Problem Description
+
+As of FreeBSD 13.1, the UEFI loader on amd64 systems will detect if the kernel
+it loaded is capable of being relocated to a different physical address than the
+historical load address. This detection relied on an ELF symbol lookup that was
+not correctly filtering symbols based on their type, which caused a false
+positive result for older amd64 kernels.
+
+III. Impact
+
+The UEFI loader would relocate the kernel to a different physical address than
+expected, and the resulting kernel would fail to boot.
+
+IV. Workaround
+
+This problem can be worked around by entering the loader prompt and issuing the
+command: `copy_staging enable`. Non-amd64 systems are not affected.
+
+V. Solution
+
+Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date. The UEFI system partition will
+need to be updated with the new loader.efi.
+
+Perform one of the following:
+
+1) To update your system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the amd64, i386, or
+(on FreeBSD 13 and later) arm64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+2) To update your system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-22:27/loader.patch
+# fetch https://security.FreeBSD.org/patches/EN-22:27/loader.patch.asc
+# gpg --verify loader.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI. Correction details
+
+This issue is corrected by the corresponding Git commit hash or Subversion
+revision number in the following stable and release branches:
+
+Branch/path Hash Revision
+- -------------------------------------------------------------------------
+stable/13/ 2b31059ea701 stable/13-n252746
+releng/13.1/ 1ee7e4ba70e1 releng/13.1-n250166
+- -------------------------------------------------------------------------
+
+Run the following command to see which files were modified by a
+particular commit:
+
+# git show --stat <commit hash>
+
+Or visit the following URL, replacing NNNNNN with the hash:
+
+<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>
+
+To determine the commit count in a working tree (for comparison against
+nNNNNNN in the table above), run:
+
+# git rev-list --count --first-parent HEAD
+
+VII. References
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-22:27.loader.asc>
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmNhmMsACgkQ05eS9J6n
+5cIuFQ/+LdOLKHA1cCH70lEAIwbDjP3S+WPRcv/jdXl8h8447ZzKMcavy8/sTPRF
+k91YVngHozGASdFfF4RrYf0kx1/hNhNMOaBQbZKdsEniKAOroiT+gjLCid5ZDoMJ
+AQ8P3FohL+53Au8u96F4Shoq8y6zNx61twbZU4dh2rQh3pXjqcEa9fs21dcopmwQ
+ssozddGqZeFhqYzvq47ZnBeny/M2vHtxkckbNZd616zCKTUuOGsdNb0kDqcxybZj
+tQYQ9dZGbb96LFf2U/3lyhkrk9HK3zl/vdtbJYPvmN/6paCQYzjAxNgbYHJy3ABY
+52+BbIeVqjHUffve+Jj0F3RWUGYmXeQ3nNPHCVQR801y0p39bH0nQAN03asHPzMb
+wzIzDHXNMcs2qps3ZEBRarOgUOTVzaa90oZXQibp5xqqHyprf4LLOtjXFHSBui7f
+AaK7NtEdlM8SbQ2+rSYPj4BTkn2b7wSBUcMA5dJMyqXmFUWx/K8OSnUwz+3ZCCPX
+gx6zJxkfCmU9/DI/fN3w6SZvBDATleH6KJEsp8lCIw73ODhpYZgLNdMp8QqPRBoz
+mT/j5zYDmONswHlgJ1Er9hivTGsW3H/vftn5Ct2kJgOkViFspUaVTcLgxhc5xKAC
+PE2/JaHgfndyi8MdJY0WIylnVzquid+RkOPYaSAMaGA37Ios/XI=
+=yeiP
+-----END PGP SIGNATURE-----
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-26 03:42:13 +0000