CME-109

Kernel Lockdown Mode

Description

Linux security module (CONFIG_SECURITY_LOCKDOWN_LSM, mainline since 5.4) that closes the interfaces through which a privileged userspace process can run arbitrary code in the kernel or touch hardware directly, so that root no longer implies ring 0. Integrity mode blocks the write side: loading unsigned modules, /dev/mem, /dev/kmem and /dev/port, iopl/ioperm, MSR writes, ACPI table overrides and custom methods, kexec of unsigned images, hibernation, direct PCI BAR access, debugfs writes, and module parameters that take hardware addresses. Confidentiality mode additionally blocks the read side, where kernel memory or secrets could leak to userspace: /proc/kcore, kprobes, perf, tracefs, and BPF programs that read kernel memory.

CVSS Vector Impacts

Metric                    Transition  Rationale
Privileges Required (PR)  L -> H      Even root cannot modify the running kernel through the blocked interfaces; the attacker needs a genuine kernel vulnerability rather than a privileged userspace interface
Attack Complexity (AC)    L -> H      Common root-to-kernel primitives (unsigned modules, /dev/mem, port I/O, MSRs, and in confidentiality mode kernel memory reads via BPF and kprobes) are disabled, so the attacker must obtain kernel execution another way

CWE Relationships

Verification

Check lockdown LSM state (securityfs must be mounted; the file is absent when CONFIG_SECURITY_LOCKDOWN_LSM is not built in)

$ cat /sys/kernel/security/lockdown
# Expected: none [integrity] confidentiality
# The bracketed entry is the active mode; "[none]" means the LSM is compiled in but not enforcing.

The mode is selected at boot with lockdown=integrity or lockdown=confidentiality on the kernel command line, and many distribution kernels enable integrity mode automatically when UEFI Secure Boot is active. Writing a mode name to the same file raises the mode at runtime; it cannot be lowered without a reboot. Blocked operations are logged to the kernel ring buffer as "Lockdown: <comm>: <operation> is restricted; see man kernel_lockdown.7", which is the line to watch in dmesg when verifying that a given interface is actually closed.
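The check above, written as a compliance-scanner function rather than a one-off cat. This is an added example and not part of the CME-109 entry; the file path, the mode ranking, the LOCKDOWN_REQUIRED variable and the function names are this example's own assumptions. It parses the bracketed token, treats confidentiality as satisfying an integrity requirement (confidentiality mode includes every integrity restriction), and distinguishes a failing mode from a kernel where the LSM is absent.

```shell
#!/bin/sh
# Added example for CME-109 (not part of the catalog entry): check the
# kernel lockdown mode the way a compliance scanner would. LOCKDOWN_FILE,
# LOCKDOWN_REQUIRED and the function names are assumptions of this example.

LOCKDOWN_FILE="${LOCKDOWN_FILE:-/sys/kernel/security/lockdown}"

# The securityfs file lists every mode and marks the active one in square
# brackets, e.g. "none [integrity] confidentiality". Return only that token
# (empty string when no bracketed token is present).
lockdown_active_mode() {
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# Strictness ranking: confidentiality implies every integrity restriction,
# so a stricter active mode satisfies a weaker requirement. Unknown -> -1.
lockdown_rank() {
    case "$1" in
        none)            printf '%s\n' 0 ;;
        integrity)       printf '%s\n' 1 ;;
        confidentiality) printf '%s\n' 2 ;;
        *)               printf '%s\n' -1 ;;
    esac
}

# Succeed (exit 0) when the active mode in line $1 is at least as strict
# as the required mode $2; fail for unknown modes on either side.
lockdown_meets() {
    have=$(lockdown_rank "$(lockdown_active_mode "$1")")
    need=$(lockdown_rank "$2")
    [ "$need" -ge 0 ] || return 1
    [ "$have" -ge "$need" ]
}

# Read the live file $1 and require mode $2. Exit status: 0 pass, 1 the
# active mode is too weak, 2 the file is unreadable (LSM not built in or
# securityfs not mounted), which a scanner should report separately.
lockdown_report() {
    file=$1
    need=$2
    if [ ! -r "$file" ]; then
        echo "FAIL: $file not readable; lockdown LSM absent or securityfs not mounted"
        return 2
    fi
    line=$(cat "$file")
    if lockdown_meets "$line" "$need"; then
        echo "PASS: lockdown=$(lockdown_active_mode "$line") (required: $need)"
        return 0
    fi
    echo "FAIL: lockdown=$(lockdown_active_mode "$line") (required: $need); raw: $line"
    return 1
}

# Run against the live system; the status is kept rather than exited on so
# the functions above can also be sourced from a larger audit script.
LOCKDOWN_STATUS=0
lockdown_report "$LOCKDOWN_FILE" "${LOCKDOWN_REQUIRED:-integrity}" || LOCKDOWN_STATUS=$?
```

Run it as-is to audit the current host, or set LOCKDOWN_REQUIRED=confidentiality where kernel-memory reads must also be closed; a missing file is reported as its own status code because "not enforcing" and "not present" call for different remediation (boot parameter versus kernel config).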
Platform: linux