APPLIED [OEM-5.17]: [SRU][OEM-5.14, OEM-5.17][PATCH 0/1] CVE-2022-21505
Manuel Diewald
manuel.diewald at canonical.com
Tue Apr 4 07:48:00 UTC 2023
On Tue, Mar 21, 2023 at 04:38:02PM -0300, Magali Lemes wrote:
> [Impact]
> Kernel lockdown can be bypassed when UEFI secure boot is disabled or
> unavailable and IMA appraisal is enabled.
>
> [Backport]
> Clean cherry-pick.
>
> [Test]
> Compile tested.
>
> [Regression potential]
> Low, but IMA appraisal could be affected as another check is added to the
> ima_appraise_signature() function.
>
> Eric Snowberg (1):
> lockdown: Fix kexec lockdown bypass with ima policy
>
> security/integrity/ima/ima_policy.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> --
> 2.34.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Applied to jammy:linux-oem-5.17. Thank you!
More information about the kernel-team
mailing list