[Kernel-packages] [Bug 1883598] Re: efi: Restrict efivar_ssdt_load when the kernel is locked down
[Expired for linux (Ubuntu) because there has been no activity for 60 days.]

** Changed in: linux (Ubuntu)
       Status: Incomplete => Expired

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1883598

Title:
  efi: Restrict efivar_ssdt_load when the kernel is locked down

Status in linux package in Ubuntu:
  Expired

Bug description:
  Upstream git commit 1957a85b0032 needs to be backported to older releases:

  efi: Restrict efivar_ssdt_load when the kernel is locked down

  efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an EFI variable, which gives arbitrary code execution in ring 0. Prevent that when the kernel is locked down.

  Code introduced in 475fb4e8b2fd1d7b406ff3a7d21bc89a1e6f

  break-fix: 475fb4e8b2fd1d7b406ff3a7d21bc89a1e6f 1957a85b0032a81e6482ca4aab883643b8dae06e

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883598/+subscriptions

--
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1883598] Re: efi: Restrict efivar_ssdt_load when the kernel is locked down
Looks like this has been addressed in bug 1884159:
https://lists.ubuntu.com/archives/kernel-team/2020-June/111233.html
https://lists.ubuntu.com/archives/kernel-team/2020-June/111200.html
https://lists.ubuntu.com/archives/kernel-team/2020-June/111207.html

I can see this patch in F/E/D/B

As we don't have __init efivar_ssdt_setup() in xenial, do we still need this?

Thanks

** Changed in: linux (Ubuntu)
       Status: Confirmed => Incomplete

[Kernel-packages] [Bug 1883598] Re: efi: Restrict efivar_ssdt_load when the kernel is locked down
** Changed in: linux (Ubuntu)
       Status: Incomplete => Confirmed

[Kernel-packages] [Bug 1883598] Re: efi: Restrict efivar_ssdt_load when the kernel is locked down
** Description changed:

  Upstream git commit 1957a85b0032 needs to be backported to older releases:

  efi: Restrict efivar_ssdt_load when the kernel is locked down

  efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an EFI variable, which gives arbitrary code execution in ring 0. Prevent that when the kernel is locked down.
+
+ Code introduced in 475fb4e8b2fd1d7b406ff3a7d21bc89a1e6f
+
+ break-fix: 475fb4e8b2fd1d7b406ff3a7d21bc89a1e6f
+ 1957a85b0032a81e6482ca4aab883643b8dae06e

Status in linux package in Ubuntu:
  New
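
A defender-side check for the condition the bug description covers, as an added example that is not part of this thread or of the Ubuntu or upstream kernel sources: it reports whether a host boots with an SSDT-from-EFI-variable request while the kernel is locked down, which is the case that needs fix 1957a85b0032. It assumes the kernel's `/sys/kernel/security/lockdown` file and the `efivar_ssdt=` boot parameter (neither is named in the thread); the sample inputs and the variable name `EXAMPLE_SSDT` are constructed.

```shell
#!/bin/sh
# Added example: audit for the efivar_ssdt path described in bug 1883598.

# Print the active mode from the contents of /sys/kernel/security/lockdown,
# e.g. "none [integrity] confidentiality" -> "integrity".
lockdown_mode() {
    case "$1" in
        *\[*\]*) m=${1#*\[}; printf '%s\n' "${m%%\]*}" ;;
        *)       printf 'unsupported\n' ;;   # empty input: no lockdown support
    esac
}

# Print the EFI variable name passed as efivar_ssdt= on a kernel command
# line; return 1 and print nothing if the parameter is absent.
ssdt_var() {
    for tok in $1; do
        case "$tok" in
            efivar_ssdt=*) printf '%s\n' "${tok#efivar_ssdt=}"; return 0 ;;
        esac
    done
    return 1
}

# Combine both facts. $1 = lockdown file contents, $2 = kernel command line.
# Returns 1 only for the case the fix is meant to block.
assess() {
    mode=$(lockdown_mode "$1")
    if ! var=$(ssdt_var "$2"); then
        echo "ok: efivar_ssdt not set"
        return 0
    fi
    case "$mode" in
        integrity|confidentiality)
            echo "review: efivar_ssdt=$var with lockdown=$mode; confirm the kernel carries 1957a85b0032"
            return 1 ;;
        *)
            echo "info: efivar_ssdt=$var with lockdown=$mode; loading is not restricted"
            return 0 ;;
    esac
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_LOCKDOWN='none [integrity] confidentiality'
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro efivar_ssdt=EXAMPLE_SSDT quiet'
assess "$SAMPLE_LOCKDOWN" "$SAMPLE_CMDLINE" || true

# On a live host:
#   assess "$(cat /sys/kernel/security/lockdown 2>/dev/null)" "$(cat /proc/cmdline)"
```

The two files alone cannot show whether a given kernel build includes the fix, so a "review" verdict is a prompt to check the package changelog for the break-fix pair listed in the bug description.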