Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Re: Re: lockdown bypass on mainline kernel for loading unsigned modules

Related Vulnerabilities: CVE-2020-15780  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: Re: lockdown bypass on mainline kernel for loading unsigned modules

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Marcus Meissner &lt;meissner () suse de&gt;

Date: Mon, 20 Jul 2020 18:33:03 +0200

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
Hi,

CVE-2020-15780 was assigned to this.

Ciao, Marcus.
On Mon, Jun 15, 2020 at 05:03:12PM -0600, Jason A. Donenfeld wrote:
Hi Mitre,

People are requesting a CVE to track this and are poking me to poke
you to assign one. Note that this would be for a *different* CVE than
the one I requested for the Ubuntu vulnerability a minute ago. This
vulnerability here affects a different set of kernels and uses a
different vector.

Jason

On Mon, Jun 15, 2020 at 4:26 AM Jason A. Donenfeld &lt;Jason () zx2c4 com&gt; wrote:

Hi everyone,

Yesterday, I found a lockdown bypass in Ubuntu 18.04's kernel using
ACPI table tricks via the efi ssdt variable [1]. Today I found another
one that's a bit easier to exploit and appears to be unpatched on
mainline, using acpi_configfs to inject an ACPI table. The tricks are
basically the same as the first one, but this one appears to be
unpatched, at least on my test machine. Explanation is in the header
of the PoC:

https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh

I need to get some sleep, but if nobody posts a patch in the
meanwhile, I'll try to post a fix tomorrow.

Jason

[1] https://www.openwall.com/lists/oss-security/2020/06/14/1

-- 
Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi. 3.1-33,+49-911-740 
53-432,,serv=loki,mail=wotan,type=real &lt;meissner () suse de&gt;

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

Re: Re: lockdown bypass on mainline kernel for loading unsigned modules Marcus Meissner (Jul 20)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started