diff options
Diffstat (limited to 'debian/patches/features/all/lockdown/ACPI-configfs-Disallow-loading-ACPI-tables-when-lock.patch')
| -rw-r--r-- | debian/patches/features/all/lockdown/ACPI-configfs-Disallow-loading-ACPI-tables-when-lock.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/debian/patches/features/all/lockdown/ACPI-configfs-Disallow-loading-ACPI-tables-when-lock.patch b/debian/patches/features/all/lockdown/ACPI-configfs-Disallow-loading-ACPI-tables-when-lock.patch new file mode 100644 index 000000000..4970a4bd4 --- /dev/null +++ b/debian/patches/features/all/lockdown/ACPI-configfs-Disallow-loading-ACPI-tables-when-lock.patch @@ -0,0 +1,44 @@ +From: "Jason A. Donenfeld" <Jason@zx2c4.com> +Date: Mon, 15 Jun 2020 04:43:32 -0600 +Subject: ACPI: configfs: Disallow loading ACPI tables when locked down +Origin: https://git.kernel.org/linus/75b0cea7bf307f362057cc778efe89af4c615354 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-15780 + +Like other vectors already patched, this one here allows the root +user to load ACPI tables, which enables arbitrary physical address +writes, which in turn makes it possible to disable lockdown. + +Prevents this by checking the lockdown status before allowing a new +ACPI table to be installed. The link in the trailer shows a PoC of +how this might be used. + +Link: https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh +Cc: 5.4+ <stable@vger.kernel.org> # 5.4+ +Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> +Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com> +[Salvatore Bonaccorso: Backport to v4.19.y: Use kernel_is_locked_down instead +of security_locked_down] +--- + drivers/acpi/acpi_configfs.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/drivers/acpi/acpi_configfs.c ++++ b/drivers/acpi/acpi_configfs.c +@@ -14,6 +14,7 @@ + #include <linux/module.h> + #include <linux/configfs.h> + #include <linux/acpi.h> ++#include <linux/security.h> + + #include "acpica/accommon.h" + #include "acpica/actables.h" +@@ -33,6 +34,9 @@ static ssize_t acpi_table_aml_write(stru + struct acpi_table *table; + int ret; + ++ if (kernel_is_locked_down("Modifying ACPI tables")) ++ return -EPERM; ++ + table = container_of(cfg, struct acpi_table, cfg); + + if (table->header) { |