Re: Re: lockdown bypass on ubuntu 18.04's 4.15 kernel for loading unsigned modules

Related Vulnerabilities: CVE-2019-20908  
                							


From: Marcus Meissner <meissner () suse de>

Date: Mon, 20 Jul 2020 18:32:34 +0200

Hi,

This has gotten assigned CVE-2019-20908.

Ciao, Marcus

On Mon, Jun 15, 2020 at 05:09:51PM -0700, Reed Loden wrote:
Please use
https://cveform.mitre.org/ to request a CVE directly from MITRE. That’s
your quickest and best way. :-)

~reed

On Mon, Jun 15, 2020 at 4:02 PM Jason A. Donenfeld <Jason () zx2c4 com> wrote:

Hi Mitre,

People are requesting a CVE to track this and are poking me to poke
you to assign one.

Jason

On Sun, Jun 14, 2020 at 12:30 AM Jason A. Donenfeld <Jason () zx2c4 com> wrote:

Hey folks,

I noticed that Ubuntu 18.04's 4.15 kernels forgot to protect
efivar_ssdt with lockdown, making that a vector for disabling lockdown
on an efi secure boot machine. I wrote a little PoC exploit to
demonstrate these types of ACPI shenanigans:

https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh

The comment at the top has a description of the exploit strategy and such. I
haven't yet looked into other kernels and distros that might be
affected, though afaict, Canonical's kernel seems to deviate a lot
from upstream.

Jason
