Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 15 Jun 2020 17:22:27 +0100
From: John Haxby <>
To:, "Jason A. Donenfeld" <>
        Matthew Garrett <>,,
        Ubuntu Kernel Team <>
Subject: Re: [oss-security] lockdown bypass on mainline kernel for loading
 unsigned modules

Hi Jason,

> On 15 Jun 2020, at 11:26, Jason A. Donenfeld <> wrote:
> Hi everyone,
> Yesterday, I found a lockdown bypass in Ubuntu 18.04's kernel using
> ACPI table tricks via the efi ssdt variable [1]. Today I found another
> one that's a bit easier to exploit and appears to be unpatched on
> mainline, using acpi_configfs to inject an ACPI table. The tricks are
> basically the same as the first one, but this one appears to be
> unpatched, at least on my test machine. Explanation is in the header
> of the PoC:
> I need to get some sleep, but if nobody posts a patch in the
> meanwhile, I'll try to post a fix tomorrow.
> Jason
> [1]

This looks CVE-worthy.   Are you going to ask for a CVE for it?


Download attachment "signature.asc" of type "application/pgp-signature" (269 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.