Linux Lands Fix For A Trivial Lockdown Bypass Bug

  • Linux Lands Fix For A Trivial Lockdown Bypass Bug

    Phoronix: Linux Lands Fix For A Trivial Lockdown Bypass Bug

    Merged this afternoon to the mainline Linux 5.19 Git kernel and set for back-porting is a fix for a new security bug. Oracle made public CVE-2022-21505 on Tuesday as a trivial bypass to the Linux kernel's lockdown mode...

    https://www.phoronix.com/scan.php?pa...CVE-2022-21505

  • #2
    Lockdown can be used as tivoization...


    • #3
      The simplest fix for the simplest bypass. I like that


      • #4
        I hate Lockdown mode. I use Secure Boot with my own keys enrolled, but Lockdown blocks some really useful things like for example undervolting (access to MSRs is blocked). IIRC it also blocks access to ec (embedded controller), so no fan control on laptops. Plenty of other things, too. Maybe it's OK for some high-security nuclear plant or whatever, but not so much on a regular desktop/laptop where the owner is the user. IMHO.


        • #5
          Originally posted by binarybanana
          I hate Lockdown mode [...] where the owner is the user
          I am the owner of my laptop and love lockdown mode


          • #6
            oof - that's getting dangerously close to log4j-tier stupidity... :/


            • #7
              Originally posted by binarybanana
              I hate Lockdown mode. I use Secure Boot with my own keys enrolled, but Lockdown blocks some really useful things like for example undervolting (access to MSRs is blocked). IIRC it also blocks access to ec (embedded controller), so no fan control on laptops. Plenty of other things, too. Maybe it's OK for some high-security nuclear plant or whatever, but not so much on a regular desktop/laptop where the owner is the user. IMHO.
              That's because on a regular desktop/laptop, the owner is no longer the user. And where it still is, they're working really hard to fix it.

              Welcome to the new world.


              • #8
                Originally posted by intelfx

                That's because on a regular desktop/laptop, the owner is no longer the user. And where it still is, they're working really hard to fix it.

                Welcome to the new world.
                I know and I hate it. Digital slavery.
