|
|
Subscribe / Log in / New account

Much ado about SBAT

Much ado about SBAT

Posted Jul 21, 2023 19:16 UTC (Fri) by nijhof (subscriber, #4034)
In reply to: Much ado about SBAT by bluca
Parent article: Much ado about SBAT

You seem to have an idea of what issues this should be used for. So could you please list the 5 most recent issues that would have required a version bump?

to post comments

Much ado about SBAT

Posted Jul 21, 2023 20:11 UTC (Fri) by pjones (subscriber, #31722) [Link] (1 responses)

The two that spring to mind, where in the past we've had to rotate signing keys as a result, are CVE-2019-20908 and CVE-2020-15780. Both of them let you inject ACPI tables during boot, which in turn lets you run unsigned code in the kernel.

Kernel memory corruption is a secure boot bypass

Posted Jul 25, 2023 19:35 UTC (Tue) by DemiMarie (subscriber, #164188) [Link]

There are also many, many privilege escalation vulnerabilities with the same result. That’s why forbidding kernel downgrades within a stable release series really is the only answer that can be supported upstream. The attack surface of the upstream kernel is just too broad to be able to do otherwise. Downstreams can shrink the attack surface massively by disabling kernel features not in use and by preventing unsigned privileged userspace code from running, but upstream cannot do either.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds