oss-sec mailing list archives
Re: Re: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules
From: Reed Loden <reed () reedloden com>
Date: Mon, 15 Jun 2020 17:09:51 -0700
Please use https://cveform.mitre.org/ to request a CVE directly from MITRE. That’s your quickest and best way. :-) ~reed On Mon, Jun 15, 2020 at 4:02 PM Jason A. Donenfeld <Jason () zx2c4 com> wrote:
Hi Mitre, People are requesting a CVE to track this and are poking me to poke you to assign one. Jason On Sun, Jun 14, 2020 at 12:30 AM Jason A. Donenfeld <Jason () zx2c4 com> wrote:Hey folks, I noticed that Ubuntu 18.04's 4.15 kernels forgot to protect efivar_ssdt with lockdown, making that a vector for disabling lockdown on an efi secure boot machine. I wrote a little PoC exploit to demonstrate these types of ACPI shenanigans:https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.shThe comment on the top has description of exploit strategy and such. I haven't yet looked into other kernels and distros that might be affected, though afaict, Canonical's kernel seems to deviate a lot from upstream. Jason
Current thread:
- lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules Jason A. Donenfeld (Jun 13)
- Re: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules Jason A. Donenfeld (Jun 15)
- Re: Re: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules Reed Loden (Jun 15)
- Re: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules Jason A. Donenfeld (Jun 15)