[SRU X/B/F/G] CVE-2020-27777 Restrict RTAS requests from userspace

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Tue Dec 1 20:50:46 UTC 2020

Previous message (by thread): ACK: [SRU][PATCH 0/1][aws/groovy] vsock fix for nitro_enclaves
Next message (by thread): [SRU Bionic] UBUNTU: [Config]: Set CONFIG_PPC_RTAS_FILTER
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

rtas syscall allow userspace to request any RTAS call (firmware services). This
should not be unrestricted under lockdown, so filter all requests in any case,
to allow only those legitimate requests that might be used by real tools.

Previous message (by thread): ACK: [SRU][PATCH 0/1][aws/groovy] vsock fix for nitro_enclaves
Next message (by thread): [SRU Bionic] UBUNTU: [Config]: Set CONFIG_PPC_RTAS_FILTER
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the kernel-team mailing list