Ubuntu 18.04's Heavily Patched Kernel Opens Door To Lockdown Bypass, Breaks Secure Boot
Ubuntu 18.04, when running its default Linux 4.15 kernel rather than one of the newer hardware enablement kernels, carries so many back-ported patches that it ends up vulnerable to a bypass of the kernel lockdown security and a compromise of UEFI Secure Boot that persists across reboots.
WireGuard lead developer Jason Donenfeld discovered a security issue with the Ubuntu 18.04 default kernel. The current kernel does not protect the SSDT EFI entry point, which allows ACPI tables to be injected and, from there, unsigned kernel drivers to be loaded even with UEFI Secure Boot enabled. A proof-of-concept attack disables KASLR (kernel address space layout randomization) in the process and also survives reboots.
Donenfeld published the PoC attack for illustrating this kernel flaw.
At this time it appears only Ubuntu 18.04's kernel is impacted, not the upstream kernel or other distribution kernels. Ubuntu 18.04 backports a lot to its kernel given its Long Term Support status. In this case it appears the Ubuntu kernel team missed back-porting at least one patch that would have avoided this vulnerability.
Back in August 2019, this patch restricted efivar_ssdt_setup when the kernel is running in its locked-down mode. The patch explains why the restriction matters: "efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an EFI variable, which gives arbitrary code execution in ring 0. Prevent that when the kernel is locked down." Presumably it will soon be picked up by Ubuntu 18.04 to close this vulnerability.
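As an added defender-side check (not from the article, from the upstream patch, or from Donenfeld's proof of concept), the script below reports whether a running kernel was asked to load an SSDT overlay from an EFI variable. It keys off the real upstream kernel parameter that efivar_ssdt_setup parses, `efivar_ssdt=<variable name>`, and on the lockdown state file `/sys/kernel/security/lockdown` as exposed by the upstream lockdown LSM (format `[none] integrity confidentiality`). Whether a given Ubuntu 18.04 kernel exposes that file, and the sample command lines and states used here, are assumptions; the path to the patched check itself is not inspected.

```shell
#!/bin/sh
# Added example: flag an EFI SSDT overlay request on a locked-down host.
# Not code from the article or the kernel; sample inputs are constructed.

# Print the EFI variable name from an efivar_ssdt=<name> kernel parameter.
# Returns 0 and prints the name when present, returns 1 (prints nothing) otherwise.
ssdt_overlay_var() {
    cmdline="$1"
    for word in $cmdline; do
        case "$word" in
            efivar_ssdt=*)
                printf '%s\n' "${word#efivar_ssdt=}"
                return 0
                ;;
        esac
    done
    return 1
}

# Extract the active mode from the lockdown LSM file contents,
# e.g. "[none] integrity confidentiality" -> "none".
# Always succeeds; prints "unknown" when the format is not recognised
# (assumption: older lockdown implementations may not provide this file).
lockdown_mode() {
    state="$1"
    case "$state" in
        *"["*"]"*)
            mode="${state#*[}"
            printf '%s\n' "${mode%%]*}"
            ;;
        *)
            printf 'unknown\n'
            ;;
    esac
}

# Combine both signals into a one-line verdict prefixed OK / NOTICE / WARN.
# An overlay request on a locked-down kernel is the case the upstream patch
# refuses; a kernel missing that patch loads the overlay anyway.
assess() {
    cmdline="$1"
    lockdown="$2"
    if var=$(ssdt_overlay_var "$cmdline"); then
        mode=$(lockdown_mode "$lockdown")
        case "$mode" in
            integrity|confidentiality)
                printf 'WARN: efivar_ssdt=%s requested while lockdown mode is "%s"; an unpatched kernel loads the overlay anyway\n' "$var" "$mode"
                ;;
            *)
                printf 'NOTICE: efivar_ssdt=%s requested; lockdown mode is "%s"\n' "$var" "$mode"
                ;;
        esac
    else
        printf 'OK: no EFI SSDT overlay requested on the kernel command line\n'
    fi
}

# Live check against the running host (paths are the upstream ones).
check_host() {
    cmdline=$(cat /proc/cmdline 2>/dev/null || true)
    lockdown=""
    if [ -r /sys/kernel/security/lockdown ]; then
        lockdown=$(cat /sys/kernel/security/lockdown)
    fi
    assess "$cmdline" "$lockdown"
}

# Constructed sample inputs, so the script demonstrates itself offline.
if [ "${1:-}" = "--live" ]; then
    check_host
else
    assess 'BOOT_IMAGE=/vmlinuz-4.15.0 root=/dev/sda2 efivar_ssdt=AcpiOverlay quiet' 'none [integrity] confidentiality'
    assess 'BOOT_IMAGE=/vmlinuz-4.15.0 root=/dev/sda2 quiet' '[none] integrity confidentiality'
fi
```

Run it with `--live` on a host to inspect the real command line and lockdown state; without arguments it only evaluates the constructed samples. Any `efivar_ssdt=` parameter on a Secure Boot machine is unusual and worth investigating regardless of the verdict, since the parameter is what turns the EFI variable into kernel-loaded ACPI code.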