Date: Wed, 18 Mar 2015 13:44:20 +0100
From: Florian Weimer <fweimer@...hat.com>
To: oss-security@...ts.openwall.com, CVE-assign <cve-assign@...re.org>
Subject: Re: CVE Request: Linux kernel execution in the early microcode loader.

On 03/18/2015 01:25 PM, Quentin Casasnovas wrote:

> The attack vector could be from anyone between Intel and people
> shipping/packaging the microcode, or could potentially be used to get a
> resilient backdoor on a system already compromised by sticking a tampered
> microcode on the initrd. It would also allow root to get kernel execution
> by recreating the initrd. I admit these are overly paranoid scenarios, but
> I _think_ there's still a privilege crossing from root to kernel exec which
> could make sense on certain security model.

Yes, Secure Boot separates root privileges from code execution in ring 0
(according to some interpretations of Secure Boot, in practice,
signatures on binaries allowing ring 0 code execution are not revoked,
so this new vulnerability does not alter the general picture).

-- 
Florian Weimer / Red Hat Product Security