mirror of
https://git.proxmox.com/git/mirror_ubuntu-kernels.git
synced 2025-08-15 15:43:42 +00:00
11a6af597f
KGDB and KDB allow read and write access to kernel memory, and thus should not be allowed during lockdown. An attacker with access to a serial port (for example, via a hypervisor console, which some cloud vendors provide over the network) could trigger the debugger and use it to bypass lockdown. Ensure KDB and KGDB cannot be used during lockdown. This fixes CVE-2022-21499. Signed-off-by: Stephen Brennan <stephen.s.brennan@oracle.com> CVE-2022-21499 Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Acked-by: Kamal Mostafa <kamal@canonical.com> Acked-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> Acked-by: Andrea Righi <andrea.righi@canonical.com> |
||
|---|---|---|
| .. | ||
| kdb | ||
| debug_core.c | ||
| debug_core.h | ||
| gdbstub.c | ||
| Makefile | ||