Linux kernel vulnerability allows bypassing Lockdown restrictions

A vulnerability has been identified in the Linux kernel (CVE-2022-21505) that makes it possible to bypass the Lockdown security mechanism, which limits what the root user can do to the running kernel and closes the paths that would otherwise let a privileged process circumvent UEFI Secure Boot. The bypass goes through the IMA (Integrity Measurement Architecture) kernel subsystem, which is designed to check the integrity of operating-system components using digital signatures and hashes.

Lockdown restricts access to /dev/mem, /dev/kmem, /dev/port, /proc/kcore, debugfs, the kprobes debugging facility, mmiotrace, tracefs, BPF, PCMCIA CIS (Card Information Structure), some ACPI interfaces and CPU MSRs; blocks the kexec_load system call and kexec_file_load of images without a valid signature; prevents hibernation; restricts DMA for PCI devices; prevents loading ACPI tables from EFI variables; and prevents I/O port manipulation, including changing the interrupt number and I/O port of a serial port.

The essence of the vulnerability is that with the boot parameter "ima_appraise=log", kexec_file_load is allowed to load a new, unsigned kernel image when Secure Boot is not active and Lockdown has been enabled on its own. Under Lockdown, kexec_file_load normally refuses an image whose signature fails to verify unless IMA is expected to appraise the image itself; with ima_appraise=log, IMA only logs appraisal failures instead of enforcing them, so the unsigned image is accepted. IMA ignores the "ima_appraise=" boot parameter (which would relax appraisal to log or fix mode) when Secure Boot is active, but does not take into account that Lockdown can be enabled without Secure Boot.
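Added example (not part of the article, and not the kernel's own source): a user-space C model of the check that kexec_file_load() applies when an image's signature does not verify, mirroring the shape of the kernel's kimage_validate_signature() and ima_appraise_signature() before and after the fix for CVE-2022-21505. The struct and function names are this example's own; the IMA_APPRAISE_* values follow the kernel's ima.h. Upstream, the fix makes ima_appraise_signature() return false for kexec images when appraisal is not enforcing and the kernel is locked down; the model encodes that as the POST_FIX branch, so the bypass scenario described above can be reasoned about and tested offline.

```c
/*
 * Added example: a small user-space model of the decision kexec_file_load()
 * makes when the loaded image's signature does NOT verify.  Not kernel code;
 * it mirrors the shape of kimage_validate_signature() and
 * ima_appraise_signature() before and after the CVE-2022-21505 fix.
 * Flag values are named after the kernel's; struct and function names
 * are this example's own.
 */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

#ifndef EKEYREJECTED
#define EKEYREJECTED 129            /* Linux value; glibc normally defines it */
#endif

/* IMA appraisal modes selected with the ima_appraise= boot parameter. */
#define IMA_APPRAISE_ENFORCE 0x01   /* default: a failed appraisal blocks access */
#define IMA_APPRAISE_FIX     0x02   /* "fix": write the missing xattrs           */
#define IMA_APPRAISE_LOG     0x04   /* "log": only report failures               */

enum kernel_version { PRE_FIX, POST_FIX };

struct system_state {
    bool kexec_locked_down;   /* security_locked_down(LOCKDOWN_KEXEC) is true */
    bool kexec_sig_force;     /* CONFIG_KEXEC_SIG_FORCE: never fall through   */
    bool ima_kexec_rule;      /* IMA policy has an appraise rule for kexec    */
    int  ima_appraise;        /* one of the IMA_APPRAISE_* modes above        */
};

/*
 * Does IMA promise to appraise the kexec image?  Before the fix the answer
 * depended only on whether the policy contains a matching appraise rule,
 * regardless of whether appraisal is enforcing.  The fix adds the check that
 * a non-enforcing mode under lockdown is not a promise at all.
 */
static bool ima_will_appraise_kexec(const struct system_state *s,
                                    enum kernel_version v)
{
    if (v == POST_FIX &&
        !(s->ima_appraise & IMA_APPRAISE_ENFORCE) &&
        s->kexec_locked_down)
        return false;
    return s->ima_kexec_rule;
}

/*
 * Outcome for an image whose signature failed verification:
 *   0             -> kexec_file_load accepts the image
 *   -EPERM        -> lockdown refuses it
 *   -EKEYREJECTED -> the build requires signatures unconditionally
 */
static int unsigned_kexec_image_result(const struct system_state *s,
                                       enum kernel_version v)
{
    if (s->kexec_sig_force)
        return -EKEYREJECTED;
    /* Lockdown defers to IMA only if IMA will really appraise the image. */
    if (!ima_will_appraise_kexec(s, v) && s->kexec_locked_down)
        return -EPERM;
    return 0;
}

/* Convenience wrapper for one configuration. */
static int decide(bool locked_down, bool sig_force, bool ima_rule,
                  int ima_mode, enum kernel_version v)
{
    struct system_state s = {
        .kexec_locked_down = locked_down,
        .kexec_sig_force   = sig_force,
        .ima_kexec_rule    = ima_rule,
        .ima_appraise      = ima_mode,
    };
    return unsigned_kexec_image_result(&s, v);
}

int main(void)
{
    /* The CVE-2022-21505 configuration: Lockdown enabled on its own (no
     * Secure Boot, so IMA honours ima_appraise=log) and an IMA policy that
     * carries a kexec appraise rule. */
    int before = decide(true, false, true, IMA_APPRAISE_LOG, PRE_FIX);
    int after  = decide(true, false, true, IMA_APPRAISE_LOG, POST_FIX);
    printf("unsigned image, ima_appraise=log, lockdown: pre-fix %s, post-fix %s\n",
           before == 0 ? "ACCEPTED" : "refused",
           after  == 0 ? "ACCEPTED" : "refused");
    /* Enforcing appraisal is still trusted after the fix: IMA itself rejects. */
    printf("ima_appraise=enforce, lockdown: %s\n",
           decide(true, false, true, IMA_APPRAISE_ENFORCE, POST_FIX) == 0
               ? "deferred to IMA" : "refused");
    return 0;
}
```

Build with `cc -o lockdown_model lockdown_model.c` and run it. The practical check on a real machine is the same three facts the model takes as input: an unpatched kernel is exposed when /proc/cmdline contains `ima_appraise=log` (or `fix`), /sys/kernel/security/lockdown shows `[integrity]` or `[confidentiality]`, and Secure Boot is off (otherwise IMA would have ignored the ima_appraise= parameter).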

Source: opennet.ru