Hi Jason, > On 15 Jun 2020, at 11:26, Jason A. Donenfeld <Jason@xxxxxxxxx> wrote: > > Hi everyone, > > Yesterday, I found a lockdown bypass in Ubuntu 18.04's kernel using > ACPI table tricks via the efi ssdt variable [1]. Today I found another > one that's a bit easier to exploit and appears to be unpatched on > mainline, using acpi_configfs to inject an ACPI table. The tricks are > basically the same as the first one, but this one appears to be > unpatched, at least on my test machine. Explanation is in the header > of the PoC: > > https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh > > I need to get some sleep, but if nobody posts a patch in the > meanwhile, I'll try to post a fix tomorrow. > > Jason > > [1] https://www.openwall.com/lists/oss-security/2020/06/14/1 This looks CVE-worthy. Are you going to ask for a CVE for it? jch
Attachment:
signature.asc
Description: Message signed with OpenPGP
