Discover Security Vulnerabilities News
Linux Lands Fix For A Trivial Lockdown Bypass Bug
Merged yesterday afternoon to the mainline Linux 5.19 Git kernel and set for back-porting is a fix for a new security bug. Oracle made public CVE-2022-21505 on Tuesday as a trivial bypass to the Linux kernel's lockdown mode.
The Linux Lockdown security module is used most often with UEFI Secure Boot but can be used outside of Secure Boot too if wanting to prevent Kexec'ing untrusted kernels. The Lockdown LSM was introduced a few years ago for preventing direct and indirect access to a running kernel image to fend off unauthorized/unintended modifications. The Lockdown mode aims to prevent against Kexec'ing into an alternate kernel, blocks access to interfaces like /dev/mem, and places other restrictions. Lockdown mode is used when running UEFI Secure Boot but also has use-cases outside of it.
Oracle engineers discovered that the lockdown mode can be easily bypassed if running in the IMA (Integrity Measurement Architecture) appraisal mode with the "ima_appraise=log" option. For those using the Lockdown LSM without Secure Boot active, it was found to be rather easy to defeat it.