
Much ado about SBAT

Posted Jul 21, 2023 20:11 UTC (Fri) by pjones (subscriber, #31722)
In reply to: Much ado about SBAT by nijhof
Parent article: Much ado about SBAT

The two that spring to mind, where in the past we've had to rotate signing keys as a result, are CVE-2019-20908 and CVE-2020-15780. Both of them let you inject ACPI tables during boot, which in turn lets you run unsigned code in the kernel.



Kernel memory corruption is a secure boot bypass

Posted Jul 25, 2023 19:35 UTC (Tue) by DemiMarie (subscriber, #164188)

There are also many, many privilege escalation vulnerabilities with the same result. That’s why forbidding kernel downgrades within a stable release series really is the only answer that can be supported upstream. The attack surface of the upstream kernel is just too broad to be able to do otherwise. Downstreams can shrink the attack surface massively by disabling kernel features not in use and by preventing unsigned privileged userspace code from running, but upstream cannot do either.

