desktop-virtualization-community-VDI-UDS-EnterpriseJOIN OUR COMMUNITY


Lockdown security module bypass on Linux

Posted by UDS Enterprise TeamLockdown security module bypass on Linux 2020-06-17 UDS Enterprise TeamLockdown security module bypass on Linux

The Lockdown security module introduced in Linux 5.4 to lock certain parts of the kernel seems not to be as effective as expected. A developer has managed to skip this protection on Ubuntu 18.04 and break Secure Boot. To do this, he has used ACPI tables, the standard that controls the operation of the BIOS and provides advanced functionalities to manage and save energy.

open padlock on keyboard

As the Ubuntu kernel is quite modified, it was initially thought that it would be a specific vulnerability of this operating system. But Jason Donenfeld, the WireGuard developer who discovered the vulnerability, found another very similar security flaw in the main branch of the Linux kernel. He has managed to exploit it by also injecting ACPI tables and handling to disable Lockdown completely.

This security hole is more delicate than the one found in Ubuntu, since it is not necessary to restart the system to exploit it. The root of the problem is in the ACPI ConfigFS module, which lets you add arbitrary tables at runtime.

Donenfeld has verified that even can break the security of the system with Secure Boot enabled. He has successfully loaded arbitrary unsigned kernel modules onto the system.

Fortunately, the developer himself has created and released thepatch that fixes this vulnerability**. They are just five lines of code whose job is to check the Lockdown status before giving the green light to writing ACPI tables.

More information: MuyLinux



You must authenticate to review this post