oss-sec mailing list archives

CVE-2022-21499: trivial lockdown break


From: John Haxby <john.haxby () oracle com>
Date: Tue, 24 May 2022 17:10:40 +0000

Hello All,

CVE-2022-21499: trivial lockdown break

We recently discovered that it is trivial to break lockdown (and secureboot) using the kernel debugger: you can use the debugger to write zero into a location of your choice ...

I originally posted this with a preliminary patch on linux-distros. Since then we have developed a better patch that takes into account the differences between integrity and confidentiality modes.

The updated patch will be available in the Linux mainline kernel at almost the same time as I'm sending this email. I'll reply with the commit ID as soon as I have it. If anyone wants the simpler patch that I posted to linux-distros, please let me know, but I would encourage you to take the full patch.

jch
