Message-ID: <20200720163233.GA3712@suse.de>
Date: Mon, 20 Jul 2020 18:32:34 +0200
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: Re: lockdown bypass on ubuntu 18.04's 4.15 kernel
 for loading unsigned modules

Hi,

This has gotten assigned CVE-2019-20908.

Ciao, Marcus

On Mon, Jun 15, 2020 at 05:09:51PM -0700, Reed Loden wrote:
> Please use
> https://cveform.mitre.org/ to request a CVE directly from MITRE. That’s
> your quickest and best way. :-)
> 
> ~reed
> 
> On Mon, Jun 15, 2020 at 4:02 PM Jason A. Donenfeld <Jason@...c4.com> wrote:
> 
> > Hi Mitre,
> >
> > People are requesting a CVE to track this and are poking me to poke
> > you to assign one.
> >
> > Jason
> >
> > On Sun, Jun 14, 2020 at 12:30 AM Jason A. Donenfeld <Jason@...c4.com>
> > wrote:
> > >
> > > Hey folks,
> > >
> > > I noticed that Ubuntu 18.04's 4.15 kernels forgot to protect
> > > efivar_ssdt with lockdown, making that a vector for disabling lockdown
> > > on an efi secure boot machine. I wrote a little PoC exploit to
> > > demonstrate these types of ACPI shenanigans:
> > >
> > >
> > > https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh
> > >
> > > The comment on the top has a description of the exploit strategy and such. I
> > > haven't yet looked into other kernels and distros that might be
> > > affected, though afaict, Canonical's kernel seems to deviate a lot
> > > from upstream.
> > >
> > > Jason
