
List:       oss-security
Subject:    [oss-security] Re: lockdown bypass on mainline kernel for loading unsigned modules
From:       "Jason A. Donenfeld" <Jason () zx2c4 ! com>
Date:       2020-06-15 23:03:12
Message-ID: CAHmME9o3YX12Ek0L1GgSXj9QfnNmeO8zKDdnvk2b86c2ZW9cLw () mail ! gmail ! com

Hi Mitre,

People are requesting a CVE to track this and are poking me to poke
you to assign one. Note that this would be for a *different* CVE than
the one I requested for the Ubuntu vulnerability a minute ago. This
vulnerability here affects a different set of kernels and uses a
different vector.

Jason

On Mon, Jun 15, 2020 at 4:26 AM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> Hi everyone,
>
> Yesterday, I found a lockdown bypass in Ubuntu 18.04's kernel using
> ACPI table tricks via the efi ssdt variable [1]. Today I found another
> one that's a bit easier to exploit and appears to be unpatched on
> mainline, using acpi_configfs to inject an ACPI table. The tricks are
> basically the same as the first one, but this one appears to be
> unpatched, at least on my test machine. Explanation is in the header
> of the PoC:
>
> https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh
>
> I need to get some sleep, but if nobody posts a patch in the
> meanwhile, I'll try to post a fix tomorrow.
>
> Jason
>
> [1] https://www.openwall.com/lists/oss-security/2020/06/14/1