*** This bug is a security vulnerability *** Public security bug reported:
Upstream git commit 1957a85b0032 needs to be backported to older releases: efi: Restrict efivar_ssdt_load when the kernel is locked down efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an EFI variable, which gives arbitrary code execution in ring 0. Prevent that when the kernel is locked down. Code introduced in 475fb4e8b2f4444d1d7b406ff3a7d21bc89a1e6f break-fix: 475fb4e8b2f4444d1d7b406ff3a7d21bc89a1e6f 1957a85b0032a81e6482ca4aab883643b8dae06e ** Affects: linux (Ubuntu) Importance: Undecided Status: New ** Description changed: Upstream git commit 1957a85b0032 needs to be backported to older releases: - efi: Restrict efivar_ssdt_load when the kernel is locked down + efi: Restrict efivar_ssdt_load when the kernel is locked down - efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an - EFI variable, which gives arbitrary code execution in ring 0. Prevent - that when the kernel is locked down. + efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an + EFI variable, which gives arbitrary code execution in ring 0. Prevent + that when the kernel is locked down. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883598 Title: efi: Restrict efivar_ssdt_load when the kernel is locked down To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883598/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs