Ubuntu 18.04's Heavily Patched Kernel Opens Door To Lockdown Bypass, Breaks Secure Boot

Written by Michael Larabel in Ubuntu on 14 June 2020 at 07:07 AM EDT. 29 Comments
With Ubuntu 18.04 when running on its Linux 4.15 kernel and not one of the newer hardware enablement kernels, in the mess of patches back-ported to the release it ends up being vulnerable to bypassing the kernel lockdown security and compromising UEFI Secure Boot that is persistent across reboots.

WireGuard lead developer Jason Donenfeld discovered a security issue with the Ubuntu 18.04 default kernel. The current kernel is not protecting the SSDT EFI entry point and that can lead to injecting ACPI tables and subsequently loading unsigned kernel drivers into the system even with UEFI Secure Boot enabled. A proof-of-concept attack disables KASLR address space layout randomization in the process and also survives kernel reboots.

Donenfeld published the PoC attack for illustrating this kernel flaw.

At this time it appears only Ubuntu 18.04's kernel is impacted and not the upstream kernel or other distribution kernels. Ubuntu 18.04 backports a lot to its kernel given the Long Term Support status. In this case it appears that the Ubuntu kernel team missed out on back-porting at least one patch to their kernel that could have avoided this vulnerability.

Back in August 2019 was this patch restricting the efivar_ssdt_setup access when the kernel is running in its locked down mode. The patch explains the importance of restricting the access as well, "efivar_ssdt_load allows the kernel to import arbitrary ACPI code from an EFI variable, which gives arbitrary code execution in ring 0. Prevent that when the kernel is locked down." Presumably it will soon be picked up by Ubuntu 18.04 for avoiding this vulnerability.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week