Oracle Made Public Security Vulnerability CVE-2022-21505 for Linux Kernel


Oracle made public security vulnerability CVE-2022-21505 for Linux kernel 5.19, a trivial bypass of the Linux kernel's lockdown mode, which has now been fixed.

The Linux Lockdown security module is used most often with UEFI Secure Boot, but it can also be used without Secure Boot to prevent kexec'ing untrusted kernels.

It was introduced a couple of years back to prevent direct and indirect access to a running kernel image, fending off unauthorized or unintended modifications.

Lockdown mode:

Lockdown mode aims to prevent kexec'ing into an alternate kernel, blocks access to interfaces like /dev/mem, and places other restrictions. It is used when running UEFI Secure Boot but also has use cases outside of it.

Oracle engineers discovered that the lockdown mode can be easily bypassed if running in the IMA (Integrity Measurement Architecture) appraisal mode with the "ima_appraise=log" option.

For those using the Lockdown LSM without Secure Boot active, it was found to be rather easy to defeat it.

To defeat lockdown, boot without Secure Boot and add ima_appraise=log to the kernel command line, then:

    $ echo "integrity" > /sys/kernel/security/lockdown
    $ echo "appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig" > /sys/kernel/security/ima/policy
    $ kexec -ls unsigned-kernel

It's amazing that this bug has been in place since 2019 and was not fixed until now.

The patch was merged today to Linux 5.19 Git and is set to be back-ported to the kernel stable series. This bug has been present in Linux kernel builds since 2019.
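
A defensive check for the configuration described above, as an added example that is not part of the original article: it reports whether a host combines an active lockdown mode, disabled Secure Boot and `ima_appraise=log`. The function names, the verdict labels and the `check.sh` file name are assumptions for illustration, and the script cannot tell whether the running kernel already carries the fix.

```sh
#!/bin/sh
# Added example (not from the article): report whether a host's boot
# configuration matches the conditions the article gives for the bypass.

# Print the active lockdown mode. The kernel brackets it, for example
# "none [integrity] confidentiality". Prints nothing if no mode is marked.
active_lockdown() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)].*/\1/p'
}

# Succeed if the kernel command line carries the exact token ima_appraise=log.
has_ima_appraise_log() {
    case " $1 " in
        *" ima_appraise=log "*) return 0 ;;
    esac
    return 1
}

# Print 1 if UEFI Secure Boot is on, else 0. The efivars file holds four
# attribute bytes followed by the one-byte value.
secure_boot_state() {
    f=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
    [ -r "$f" ] || { echo 0; return 0; }
    od -An -tu1 -j4 -N1 "$f" | tr -d ' \n'
}

# assess CMDLINE LOCKDOWN_FILE_CONTENTS SECURE_BOOT(0|1)
# EXPOSED: every condition from the article holds; a kernel without the
#          fix is affected, so update it or drop ima_appraise=log.
# LATENT:  lockdown is off now, but enabling it would give EXPOSED.
# OK:      Secure Boot is on or ima_appraise=log is absent.
assess() {
    if [ "$3" = "1" ] || ! has_ima_appraise_log "$1"; then
        echo OK
        return 0
    fi
    case "$(active_lockdown "$2")" in
        integrity|confidentiality) echo EXPOSED ;;
        *) echo LATENT ;;
    esac
}

# Read the live values only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    assess "$(cat /proc/cmdline)" \
        "$(cat /sys/kernel/security/lockdown 2>/dev/null)" \
        "$(secure_boot_state)"
fi
```
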

 
