summaryrefslogtreecommitdiffstats
path: root/debian/patches/features/all/lockdown/ACPI-configfs-Disallow-loading-ACPI-tables-when-lock.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:02:38 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:02:38 +0000
commit08b74a000942a380fe028845f92cd3a0dee827d5 (patch)
treeaa78b4e12607c3e1fcce8d5cc42df4330792f118 /debian/patches/features/all/lockdown/ACPI-configfs-Disallow-loading-ACPI-tables-when-lock.patch
parentAdding upstream version 4.19.249. (diff)
downloadlinux-debian.tar.xz
linux-debian.zip
Adding debian version 4.19.249-2.debian/4.19.249-2debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/features/all/lockdown/ACPI-configfs-Disallow-loading-ACPI-tables-when-lock.patch')
-rw-r--r--debian/patches/features/all/lockdown/ACPI-configfs-Disallow-loading-ACPI-tables-when-lock.patch44
1 files changed, 44 insertions, 0 deletions
diff --git a/debian/patches/features/all/lockdown/ACPI-configfs-Disallow-loading-ACPI-tables-when-lock.patch b/debian/patches/features/all/lockdown/ACPI-configfs-Disallow-loading-ACPI-tables-when-lock.patch
new file mode 100644
index 000000000..4970a4bd4
--- /dev/null
+++ b/debian/patches/features/all/lockdown/ACPI-configfs-Disallow-loading-ACPI-tables-when-lock.patch
@@ -0,0 +1,44 @@
+From: "Jason A. Donenfeld" <Jason@zx2c4.com>
+Date: Mon, 15 Jun 2020 04:43:32 -0600
+Subject: ACPI: configfs: Disallow loading ACPI tables when locked down
+Origin: https://git.kernel.org/linus/75b0cea7bf307f362057cc778efe89af4c615354
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-15780
+
+Like other vectors already patched, this one here allows the root
+user to load ACPI tables, which enables arbitrary physical address
+writes, which in turn makes it possible to disable lockdown.
+
+Prevents this by checking the lockdown status before allowing a new
+ACPI table to be installed. The link in the trailer shows a PoC of
+how this might be used.
+
+Link: https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh
+Cc: 5.4+ <stable@vger.kernel.org> # 5.4+
+Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
+Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
+[Salvatore Bonaccorso: Backport to v4.19.y: Use kernel_is_locked_down instead
+of security_locked_down]
+---
+ drivers/acpi/acpi_configfs.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/drivers/acpi/acpi_configfs.c
++++ b/drivers/acpi/acpi_configfs.c
+@@ -14,6 +14,7 @@
+ #include <linux/module.h>
+ #include <linux/configfs.h>
+ #include <linux/acpi.h>
++#include <linux/security.h>
+
+ #include "acpica/accommon.h"
+ #include "acpica/actables.h"
+@@ -33,6 +34,9 @@ static ssize_t acpi_table_aml_write(stru
+ struct acpi_table *table;
+ int ret;
+
++ if (kernel_is_locked_down("Modifying ACPI tables"))
++ return -EPERM;
++
+ table = container_of(cfg, struct acpi_table, cfg);
+
+ if (table->header) {