kernel does not honor mokx revocations, allowing kexec lockdown bypass
Bug #1918960 reported by
Steve Beattie
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| linux (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
All kernels do not honor mokx certificate revocations, and thus does not honor the 2012 certificate revocation, nor the post 2017 certificate signed kernels that allow acpi bypass. This can allow bypass of lockdown restrictions.
CVE References
| summary: |
- placeholder + kernel does not honor mokx revocations, allowing kexec lockdown bypass |
| description: | updated |
| information type: | Private Security → Public Security |
Revision history for this message
| Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote Missing required logs. | #1 |
| Changed in linux (Ubuntu): | |
| status: | New → Incomplete |
Revision history for this message
| Steve Beattie (sbeattie) wrote | #2 |
| Changed in linux (Ubuntu): | |
| status: | Incomplete → Confirmed |
Revision history for this message
| Steve Beattie (sbeattie) wrote | #3 |
To post a comment you must log in.
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1918960
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.