linux: Staging modules should be unsigned
Bug #1642368 reported by
Tim Gardner
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Trusty |
Won't Fix
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Yakkety |
Won't Fix
|
Undecided
|
Unassigned | ||
Zesty |
Fix Released
|
Undecided
|
Unassigned | ||
Impish |
Won't Fix
|
Undecided
|
Unassigned | ||
Jammy |
Fix Released
|
Medium
|
Unassigned | ||
Kinetic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Modules under the drivers/staging hierarchy get little attention when it comes to vulnerabilities. It is possible that memory mapping tricks that expose kernel internals would go unnoticed. Therefore, do not sign staging modules so that they cannot be loaded in a secure boot environment.
CVE References
Changed in linux (Ubuntu Trusty): | |
assignee: | nobody → Tim Gardner (timg-tpi) |
status: | New → In Progress |
Changed in linux (Ubuntu Xenial): | |
assignee: | nobody → Tim Gardner (timg-tpi) |
status: | New → In Progress |
Changed in linux (Ubuntu Yakkety): | |
assignee: | nobody → Tim Gardner (timg-tpi) |
status: | New → In Progress |
Changed in linux (Ubuntu Zesty): | |
assignee: | nobody → Tim Gardner (timg-tpi) |
status: | New → In Progress |
Changed in linux (Ubuntu Xenial): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu): | |
assignee: | Tim Gardner (timg-tpi) → nobody |
Changed in linux (Ubuntu Trusty): | |
assignee: | Tim Gardner (timg-tpi) → nobody |
Changed in linux (Ubuntu Xenial): | |
assignee: | Tim Gardner (timg-tpi) → nobody |
Changed in linux (Ubuntu Yakkety): | |
assignee: | Tim Gardner (timg-tpi) → nobody |
Changed in linux (Ubuntu Zesty): | |
assignee: | Tim Gardner (timg-tpi) → nobody |
Changed in linux (Ubuntu Impish): | |
status: | New → Won't Fix |
Changed in linux (Ubuntu Jammy): | |
status: | New → In Progress |
importance: | Undecided → Medium |
Changed in linux (Ubuntu Jammy): | |
status: | In Progress → Fix Committed |
tags: |
added: verification-done-focal verification-done-jammy removed: verification-needed-focal verification-needed-jammy |
Changed in linux (Ubuntu Trusty): | |
status: | In Progress → Won't Fix |
To post a comment you must log in.
This bug was fixed in the package linux - 4.9.0-11.12
---------------
linux (4.9.0-11.12) zesty; urgency=low
* Miscellaneous Ubuntu changes
- UBUNTU: SAUCE: Add '-fno-pie -no-pie' to cflags for x86 selftests
- UBUNTU: SAUCE: (no-up) aufs: for v4.9-rc1, support setattr_prepare()
[ Upstream Kernel Changes ]
* rebase to v4.9
-- Tim Gardner <email address hidden> Mon, 12 Dec 2016 06:40:40 -0700