Re: [oss-security] lockdown bypass on mainline kernel for loading unsigned modules


 



Hi Jason,


> On 15 Jun 2020, at 11:26, Jason A. Donenfeld <Jason@xxxxxxxxx> wrote:
> 
> Hi everyone,
> 
> Yesterday, I found a lockdown bypass in Ubuntu 18.04's kernel using
> ACPI table tricks via the efi ssdt variable [1]. Today I found another
> one that's a bit easier to exploit and appears to be unpatched on
> mainline, using acpi_configfs to inject an ACPI table. The tricks are
> basically the same as the first one, but this one appears to be
> unpatched, at least on my test machine. Explanation is in the header
> of the PoC:
> 
> https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh
> 
> I need to get some sleep, but if nobody posts a patch in the
> meanwhile, I'll try to post a fix tomorrow.
> 
> Jason
> 
> [1] https://www.openwall.com/lists/oss-security/2020/06/14/1


This looks CVE-worthy. Are you going to ask for a CVE for it?

jch

Attachment: signature.asc
Description: Message signed with OpenPGP

