62
Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability
(www.theregister.com)
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Enjoy!
depends, they can also loaded via dkms which may not require it
It kinda depends, on custom kernels DKMS can be incredibly helpful. Like for a hardened kernel, a lot of drivers may be loaded via DKMS.
Yeah, it actually looks like Ubuntu leaves the module signing key accessible to root on the filesystem:
https://wiki.ubuntu.com/UEFI/SecureBoot#Security_implications_in_Machine-Owner_Key_management
So root access basically gives you kernel access, if you just sign a malicious kernel module with the MOK.