Описание
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.
A flaw incorrect handle of boot param module.sig_enforce=1 in the Linux kernel modules sign verification functionality was found in the way user boot with this param enabled and both if kernel compiled with param CONFIG_MODULE_SIG unset, then user still can load unsigned module even param module.sig_enforce pretending to be enabled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Отчет
This issue is rated as having a Moderate impact because of the privileges required for loading malicious unsigned kernel module.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-alt | Not affected | ||
| Red Hat Enterprise Linux 7 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 8 | kernel-rt | Not affected | ||
| Red Hat Enterprise Linux 9 | kernel | Not affected |
Показывать по
Дополнительная информация
Статус:
7.8 High
CVSS3
Связанные уязвимости
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG verification that a kernel module is signed for loading via init_module does not occur for a module.sig_enforce=1 command-line argument.
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signatur ...
kernel/module.c in the Linux kernel before 5.12.14 mishandles Signature Verification, aka CID-0c18f29aae7c. Without CONFIG_MODULE_SIG, verification that a kernel module is signed, for loading via init_module, does not occur for a module.sig_enforce=1 command-line argument.
7.8 High
CVSS3