Lockdown security module bypass on Linux

Jun 17, 2020

The Lockdown security module, introduced in Linux 5.4 to lock down certain parts of the kernel, seems not to be as effective as expected. A developer has managed to bypass this protection on Ubuntu 18.04 and break Secure Boot. To do this, he used ACPI tables; ACPI is the standard that controls the operation of the BIOS and provides advanced functionality for managing and saving energy.

Because the Ubuntu kernel is heavily modified, it was initially thought to be a vulnerability specific to this operating system. But Jason Donenfeld, the WireGuard developer who discovered the vulnerability, found another very similar security flaw in the main branch of the Linux kernel. He exploited it by injecting ACPI tables as well, and managed to disable Lockdown completely.

This security hole is more serious than the one found in Ubuntu, since the system does not need to be restarted to exploit it. The root of the problem is in the ACPI ConfigFS module, which lets you add arbitrary tables at runtime.

Donenfeld has verified that he can break the security of the system even with Secure Boot enabled. He has successfully loaded arbitrary unsigned kernel modules onto the system.

Fortunately, the developer himself has created and released the patch that fixes this vulnerability. It is just five lines of code whose job is to check the Lockdown status before giving the green light to writing ACPI tables.
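To check whether a host exposes the runtime ACPI table interface described above while Lockdown is active, an administrator can run a small audit like the following. It is an added example, not code from the original post or the kernel patch; the function names are hypothetical, and it assumes securityfs and configfs are mounted at their usual locations (`/sys/kernel/security` and `/sys/kernel/config`).

```shell
#!/bin/sh
# Added example: audit for an exposed ACPI configfs interface under Lockdown.
# Paths are parameters (assumed default mount points) so fixtures can be used.

# Print the active lockdown mode, i.e. the bracketed word in the securityfs
# file: "none [integrity] confidentiality" -> "integrity".
lockdown_mode() {
    f="${1:-/sys/kernel/security/lockdown}"
    [ -r "$f" ] || { echo "unsupported"; return 0; }
    mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$f")
    echo "${mode:-unknown}"
}

# Succeed if the ACPI configfs table directory exists (interface exposed).
acpi_configfs_present() {
    [ -d "${1:-/sys/kernel/config}/acpi/table" ]
}

# List tables that were added at runtime through configfs, one per line.
runtime_tables() {
    d="${1:-/sys/kernel/config}/acpi/table"
    [ -d "$d" ] || return 0
    for t in "$d"/*/; do
        [ -d "$t" ] && basename "$t"
    done
    return 0
}

# Combine the checks into a one-line verdict plus any runtime-added tables.
assess() {
    m=$(lockdown_mode "$1")
    if ! acpi_configfs_present "$2"; then
        echo "OK: ACPI configfs interface not present (lockdown=$m)"
    elif [ "$m" = "integrity" ] || [ "$m" = "confidentiality" ]; then
        echo "REVIEW: lockdown=$m but ACPI configfs is exposed; confirm the kernel carries the fix"
        runtime_tables "$2" | sed 's/^/  runtime table: /'
    else
        echo "INFO: lockdown=$m (not enforcing); ACPI configfs is exposed"
        runtime_tables "$2" | sed 's/^/  runtime table: /'
    fi
}

# Usage: ./audit.sh [lockdown_file] [configfs_root]
assess "$1" "$2"
```

A `REVIEW` result cannot tell from user space whether the fix is present, so follow it up by checking the kernel package against the distribution's advisory.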

More information: MuyLinux
