http://bugzilla.opensuse.org/show_bug.cgi?id=1173567
http://bugzilla.opensuse.org/show_bug.cgi?id=1173567#c2
--- Comment #2 from Marcus Meissner ---
Date: Sun, 14 Jun 2020 00:30:54 -0600
From: "Jason A. Donenfeld"
To: oss-security ,
Ubuntu Kernel Team
Subject: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned
modules
Hey folks,
I noticed that Ubuntu 18.04's 4.15 kernels forgot to protect
efivar_ssdt with lockdown, making that a vector for disabling lockdown
on an efi secure boot machine. I wrote a little PoC exploit to
demonstrate these types of ACPI shenanigans:
https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-lang...
The comment on the top has description of exploit strategy and such. I
haven't yet looked into other kernels and distros that might be
affected, though afaict, Canonical's kernel seems to deviate a lot
from upstream.
Jason
--
You are receiving this mail because:
You are the assignee for the bug.