new file mode 100644
@@ -0,0 +1,65 @@
+From be03a18b8767be50f16a845c389fd5ed29aae055 Mon Sep 17 00:00:00 2001
+From: Darren Kenny <darren.kenny@oracle.com>
+Date: Fri, 11 Dec 2020 15:03:13 +0000
+Subject: [PATCH] kern/efi/mm: Fix possible NULL pointer dereference
+
+The model of grub_efi_get_memory_map() is that if memory_map is NULL,
+then the purpose is to discover how much memory should be allocated to
+it for the subsequent call.
+
+The problem here is that with grub_efi_is_finished set to 1, there is no
+check at all that the function is being called with a non-NULL memory_map.
+
+While this MAY be true, we shouldn't assume it.
+
+The solution to this is to behave as expected, and if memory_map is NULL,
+then don't try to use it and allow memory_map_size to be filled in, and
+return 0 as is done later in the code if the buffer is too small (or NULL).
+
+Additionally, drop unneeded ret = 1.
+
+Fixes: CID 96632
+
+Signed-off-by: Darren Kenny <darren.kenny@oracle.com>
+Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
+
+Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/grub.git/commit/?id=6aee4bfd6973c714056fb7b56890b8d524e94ee1]
+Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
+---
+ grub-core/kern/efi/mm.c | 19 ++++++++++++++-----
+ 1 file changed, 14 insertions(+), 5 deletions(-)
+
+diff --git a/grub-core/kern/efi/mm.c b/grub-core/kern/efi/mm.c
+index b02fab1..5afcef7 100644
+--- a/grub-core/kern/efi/mm.c
++++ b/grub-core/kern/efi/mm.c
+@@ -328,15 +328,24 @@ grub_efi_get_memory_map (grub_efi_uintn_t *memory_map_size,
+ if (grub_efi_is_finished)
+ {
+ int ret = 1;
+- if (*memory_map_size < finish_mmap_size)
++
++ if (memory_map != NULL)
+ {
+- grub_memcpy (memory_map, finish_mmap_buf, *memory_map_size);
+- ret = 0;
++ if (*memory_map_size < finish_mmap_size)
++ {
++ grub_memcpy (memory_map, finish_mmap_buf, *memory_map_size);
++ ret = 0;
++ }
++ else
++ grub_memcpy (memory_map, finish_mmap_buf, finish_mmap_size);
+ }
+ else
+ {
+- grub_memcpy (memory_map, finish_mmap_buf, finish_mmap_size);
+- ret = 1;
++ /*
++ * Incomplete, no buffer to copy into, same as
++ * GRUB_EFI_BUFFER_TOO_SMALL below.
++ */
++ ret = 0;
+ }
+ *memory_map_size = finish_mmap_size;
+ if (map_key)
@@ -53,6 +53,7 @@ SRC_URI = "${GNU_MIRROR}/grub/grub-${PV}.tar.gz \
file://0004-kern-parser-Fix-resource-leak-if-argc-0.patch \
file://0005-efi-Fix-some-malformed-device-path-arithmetic-errors.patch \
file://0006-kern-efi-Fix-memory-leak-on-failure.patch \
+ file://0007-kern-efi-mm-Fix-possible-NULL-pointer-dereference.patch \
"
SRC_URI[md5sum] = "5ce674ca6b2612d8939b9e6abed32934"
SRC_URI[sha256sum] = "f10c85ae3e204dbaec39ae22fa3c5e99f0665417e91c2cb49b7e5031658ba6ea"