@[email protected] to [email protected]English • 10 months agoMicrosoft waited 6 months to patch actively exploited admin-to-kernel vulnerabilitywww.theregister.comexternal-linkmessage-square7fedilinkarrow-up165arrow-down14cross-posted to: technology
arrow-up161arrow-down1external-linkMicrosoft waited 6 months to patch actively exploited admin-to-kernel vulnerabilitywww.theregister.com@[email protected] to [email protected]English • 10 months agomessage-square7fedilinkcross-posted to: technology
minus-squareThe Stoned HackerlinkEnglish2•10 months agodepends, they can also loaded via dkms which may not require it
minus-squareThe Stoned HackerlinkEnglish2•10 months agoIt kinda depends, on custom kernels DKMS can be incredibly helpful. Like for a hardened kernel, a lot of drivers may be loaded via DKMS.
minus-squareJustinlinkfedilinkEnglish1•10 months agoYeah, it actually looks like Ubuntu leaves the module signing key accessible to root on the filesystem: https://wiki.ubuntu.com/UEFI/SecureBoot#Security_implications_in_Machine-Owner_Key_management So root access basically gives you kernel access, if you just sign a malicious kernel module with the MOK.
depends, they can also loaded via dkms which may not require it
deleted by creator
It kinda depends, on custom kernels DKMS can be incredibly helpful. Like for a hardened kernel, a lot of drivers may be loaded via DKMS.
Yeah, it actually looks like Ubuntu leaves the module signing key accessible to root on the filesystem:
https://wiki.ubuntu.com/UEFI/SecureBoot#Security_implications_in_Machine-Owner_Key_management
So root access basically gives you kernel access, if you just sign a malicious kernel module with the MOK.