[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE-2022-21499: trivial lockdown break
From: John Haxby <john.haxby () oracle ! com>
Date: 2022-05-24 20:18:02
Message-ID: D57406DE-02FB-43BD-BE4D-27A8ECA2C517 () oracle ! com
[Download RAW message or body]
> On 24 May 2022, at 18:10, John Haxby <john.haxby@oracle.com> wrote:
>
> Hello All,
>
> CVE-2022-21499: trivial lockdown break
>
> We recently discovered that it is trivial to break lockdown (and secureboot) using the kernel \
> debugger: you can use the debugger to write zero into a location of your choice ...
> I originally posted this with a preliminary patch on linux-distros. Since then we have \
> developed a better patch that takes into account the differences between integrity and \
> confidentiality modes.
> The updated patch will be available in the Linux mainline kernel at almost the same time as \
> I'm sending this email. I'll reply with the commit ID as soon as I have it. If anyone \
> wants the simpler patch that I posted to linux-bistros, please let me know, but I would \
> encourage you to take the full patch.
> jch
The commit that fixes this is eadb2f47a3ce ("lockdown: also lock down previous kgdb use") [1]
jch
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eadb2f47a3ced5c64b23b90fd2a3463f63726066
["signature.asc" (signature.asc)]
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iHQEAREIAB0WIQT+pxvb11CFWUkNSOVFC7t+lC+jyAUCYo09eQAKCRBFC7t+lC+j
yOaYAQCURnz9PEkJGyQzhFHXUy7V9i4V5HUH1pqji05jwTRGQgD4pjEmVQCqWN41
wL21D+dmW2vpKc/zasiu9Pa1ktUYdw==
=pMH8
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic