Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-25 04:33:10 -05:00
Code Issues Projects Releases Packages Wiki Activity

Update docs on CPU MSR disabling

Browse source
This commit is contained in:
raja-grewal 2025-11-21 12:36:32 +00:00 committed by GitHub
parent 59869979bb
commit e6aa648d54
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
etc/modprobe.d/30_security-misc_disable.conf#security-misc-shared
View file

@ -232,8 +232,10 @@ install sctp_diag /usr/bin/disabled-network-by-security-misc
install hamradio /usr/bin/disabled-miscellaneous-by-security-misc
## CPU Model-Specific Registers (MSRs):
## Disable CPU MSRs as they can be abused to write to arbitrary memory.
## Can disable CPU MSRs as they can be abused to write to arbitrary memory.
##
## https://en.wikipedia.org/wiki/Model-specific_register
## https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/best-practices/reading-writing-msrs-in-linux.html
## https://security.stackexchange.com/questions/119712/methods-root-can-use-to-elevate-itself-to-kernel-mode
## https://github.com/Kicksecure/security-misc/issues/215
##