[Bug 1173567] New: [ARM] lockdown bypass for loading unsigned modules - openSUSE Bugs

1 Jul 2020


      http://bugzilla.opensuse.org/show_bug.cgi?id=1173567
Bug ID: 1173567
           Summary: [ARM] lockdown bypass for loading unsigned modules
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 15.2
          Hardware: aarch64
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Kernel
          Assignee: kernel-bugs@opensuse.org
          Reporter: guillaume.gardet@arm.com
        QA Contact: qa-bugs@suse.de
                CC: afaerber@suse.com, dmueller@suse.com
          Found By: ---
           Blocker: ---
There is an exploit on ARM SecureBoot. The lockdown can be bypassed for loading
unsigned modules.
See: https://www.openwall.com/lists/oss-security/2020/06/14/1
There is a WIP patch to harden the AML/memory interaction, preventing AML code
to poke around in memory:
http://lists.infradead.org/pipermail/linux-arm-kernel/2020-June/580418
This final patch will need to go to supported SLE/Leap.
-- 
You are receiving this mail because:
You are on the CC list for the bug.