CVE-2022-21505: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-21505 is a security vulnerability in the Linux kernel's Integrity Measurement Architecture (IMA) that affects the kernel lockdown feature. The vulnerability was discovered in July 2022 and allows for a lockdown bypass when using specific IMA appraisal configurations. The issue specifically affects systems using the Linux kernel with IMA appraisal functionality, particularly when used with the "ima_appraise=log" boot parameter (Kernel Git, OSS Security).

The vulnerability exists in the interaction between the kernel's lockdown LSM (Linux Security Module) and IMA appraisal system. When IMA appraisal is used with the "imaappraise=log" boot parameter, lockdown can be bypassed with kexec on any machine when Secure Boot is disabled or unavailable. While IMA prevents setting "imaappraise=log" from the boot parameter when Secure Boot is enabled, this protection does not cover cases where lockdown is used without Secure Boot. The vulnerability has been assigned a CVSS 3.1 Base Score of 6.7 (Medium) with the vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H (NVD).

The vulnerability allows a privileged attacker to bypass kernel lockdown restrictions, which could lead to the loading of untrusted kernels through kexec. This bypass effectively undermines the security measures put in place by the lockdown feature, particularly in environments where system integrity is crucial (Red Hat).

The vulnerability has been fixed through a patch that adds verification of IMA appraisal being set to "enforce" whenever lockdown is enabled. The fix has been merged into the mainline kernel and backported to various distributions. Multiple Linux distributions have released security updates to address this vulnerability, including Red Hat Enterprise Linux and Oracle Linux (Kernel Git).