kernel does not honor mokx revocations, allowing kexec lockdown bypass
Bug #1918960 reported by
Steve Beattie
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
All kernels do not honor mokx certificate revocations, and thus does not honor the 2012 certificate revocation, nor the post 2017 certificate signed kernels that allow acpi bypass. This can allow bypass of lockdown restrictions.
CVE References
summary: |
- placeholder + kernel does not honor mokx revocations, allowing kexec lockdown bypass |
description: | updated |
information type: | Private Security → Public Security |
Changed in linux (Ubuntu): | |
status: | Incomplete → Confirmed |
To post a comment you must log in.
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1918960
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.