this post was submitted on 12 Mar 2024
62 points (93.1% liked)

cybersecurity

[–] jlh@lemmy.jlh.name 4 points 6 months ago (1 children)

You might be right. I think that the Linux kernel doesn't have an ABI though, so I believe the driver has to be built for the current version of the kernel. I think the idea is also that the driver is signed by the distro, not Microsoft, so the risk of random drivers getting signed accidentally is probably much lower.

[–] erev@lemmy.world 2 points 6 months ago (2 children)

depends, they can also be loaded via dkms which may not require it

[–] jlh@lemmy.jlh.name 1 points 6 months ago

Yeah, it actually looks like Ubuntu leaves the module signing key accessible to root on the filesystem:

https://wiki.ubuntu.com/UEFI/SecureBoot#Security_implications_in_Machine-Owner_Key_management

So root access basically gives you kernel access, if you just sign a malicious kernel module with the MOK.