I've requested a CVE for this issue. I wanted to provide some more context as other Linux distributions will likely be reading this bug report once the CVE assignment occurs.
This flaw is introduced by certain configuration options in combination with this out-of-tree patch from the Lockdown patchset:
https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/cosmic/commit/?id=03c7de9e956395f3b36f86f89b62780ad9501eef
We do not force module signatures (CONFIG_MODULE_SIG_FORCE=n), we enable IMA-appraise (CONFIG_IMA_APPRAISE=y), and we do not use the built-in IMA secure_boot policy snippet by default. Therefore, no signature verification is performed when a module is loaded via the finit_module(2) syscall.
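
A check for the option combination described in the comment above, as an added example that is not part of the original bug report: it reads a kernel `.config` and a kernel command line and reports whether they match. The function names and sample input are constructed, the `ima_policy=secure_boot` boot parameter is taken as the way the built-in policy is selected, and the script cannot tell whether the out-of-tree Lockdown patch is applied.

```shell
#!/bin/sh
# Added example (not from the bug report): report whether a kernel config and
# command line match the option combination described in the comment above.

# Print the value of OPTION in a kernel .config; "n" when unset or absent
# (unset options appear as "# CONFIG_FOO is not set").
config_value() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-n}"
}

# Succeed if any ima_policy= argument on the command line selects the
# built-in secure_boot policy; several policies may be joined with "|".
# The body runs in a subshell so that "set -f" (no globbing) stays local.
has_secure_boot_policy() (
    set -f
    for word in $1; do
        case $word in
            ima_policy=*)
                case "|${word#ima_policy=}|" in
                    *"|secure_boot|"*) exit 0 ;;
                esac ;;
        esac
    done
    exit 1
)

# check_module_sig_gap CONFIG_FILE CMDLINE -> prints "match" or "no-match: <why>"
check_module_sig_gap() {
    if [ "$(config_value "$1" CONFIG_MODULE_SIG_FORCE)" = y ]; then
        echo "no-match: CONFIG_MODULE_SIG_FORCE=y"
    elif [ "$(config_value "$1" CONFIG_IMA_APPRAISE)" != y ]; then
        echo "no-match: CONFIG_IMA_APPRAISE is not y"
    elif has_secure_boot_policy "$2"; then
        echo "no-match: ima_policy selects secure_boot"
    else
        echo "match"
    fi
}

# Constructed sample input, not taken from any real system.
sample=$(mktemp)
printf '%s\n' '# CONFIG_MODULE_SIG_FORCE is not set' 'CONFIG_MODULE_SIG=y' \
    'CONFIG_IMA_APPRAISE=y' > "$sample"
check_module_sig_gap "$sample" 'ro quiet splash'
check_module_sig_gap "$sample" 'ro ima_policy=tcb|secure_boot'
rm -f "$sample"
```

On a running system the inputs would typically be `/boot/config-$(uname -r)` and the contents of `/proc/cmdline`.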