*** This bug is a security vulnerability ***
Public security bug reported:
Upstream git commit 1957a85b0032 needs to be backported to older
releases:
efi: Restrict efivar_ssdt_load when the kernel is locked down
efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an
EFI variable, which gives arbitrary code execution in ring 0. Prevent
that when the kernel is locked down.
Code introduced in 475fb4e8b2f4444d1d7b406ff3a7d21bc89a1e6f
break-fix: 475fb4e8b2f4444d1d7b406ff3a7d21bc89a1e6f
1957a85b0032a81e6482ca4aab883643b8dae06e
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
Upstream git commit 1957a85b0032 needs to be backported to older
releases:
- efi: Restrict efivar_ssdt_load when the kernel is locked down
+ efi: Restrict efivar_ssdt_load when the kernel is locked down
- efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an
- EFI variable, which gives arbitrary code execution in ring 0. Prevent
- that when the kernel is locked down.
+ efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an
+ EFI variable, which gives arbitrary code execution in ring 0. Prevent
+ that when the kernel is locked down.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1883598
Title:
efi: Restrict efivar_ssdt_load when the kernel is locked down
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1883598/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
