6.7
CVSSv3

CVE-2020-15780

CVSSv4: NA | CVSSv3: 6.7 | CVSSv2: 7.2 | VMScore: 770 | EPSS: 0.00047 | KEV: Not Included
Published: 15/07/2020 Updated: 21/11/2024

Vulnerability Summary

An issue exists in drivers/acpi/acpi_configfs.c in the Linux kernel prior to 5.7.7. Injection of malicious ACPI tables via configfs could be used by malicious users to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux kernel

opensuse leap 15.1

opensuse leap 15.2

canonical ubuntu linux 16.04

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

Vendor Advisories

Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Topic An update for kernel is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabili ...
Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Synopsis Moderate: kernel-rt security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS ...
Synopsis Moderate: kernel security and bug fix update Type/Severity Security Advisory: Moderate Topic An update for kernel is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vuln ...

Mailing Lists

Yep I mentioned these in my post yesterday but I didn't go into any detail as they've been public for some little while The various vendor updates are patching both CVEs, as you noted Ubuntu punlished an advisory for these a few days ago (ubuntucom/security/notices/USN-4440-1), we, and others, rolled the kernel fixes in with the r ...
Hi, CVE-2020-15780 was assigned to this Ciao, Marcus On Mon, Jun 15, 2020 at 05:03:12PM -0600, Jason A Donenfeld wrote: -- Marcus Meissner,SUSE LINUX GmbH; Maxfeldstrasse 5; D-90409 Nuernberg; Zi 31-33,+49-911-740 53-432,,serv=loki,mail=wotan,type=real <meissner () suse de> ...
Hi, I thought I should mention that yesterday's UEFI SecureBoot bypass headlines neglected to mention the bugs I found over a month ago (with the exception of Debian's announcement, which got some details wrong initially but those have since been rectified) It appears that Linux vendors are now releasing fixes for: - CVE-2019-20908 gi ...
[This message expands slightly on the post to the distros list on 2020-07-20] Hello All, There are several CVEs both in GRUB2 and the Linux kernel (details below) that compromise UEFI Secure boot and kernel lockdown * These bugs allow unsigned code to be booted and run on hardware configured to prevent that * Affected vendors will be pu ...

Github Repositories

American Unsigned Language by zx2c4 These are two exploits to disable kernel lockdown via ACPI table injection american-unsigned-languagesh is for Ubuntu 1804 Bionic's 415 kernel with their custom patches and uses one technique CVE-2019-20908 american-unsigned-language-2sh is for mainline/upstream kernels and uses a different technique CVE-2020-15780 Explanation i

References

CWE-862https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2020:3222https://www.first.org/epsshttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.htmlhttp://www.openwall.com/lists/oss-security/2020/07/20/7http://www.openwall.com/lists/oss-security/2020/07/29/3http://www.openwall.com/lists/oss-security/2020/07/30/2http://www.openwall.com/lists/oss-security/2020/07/30/3https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75b0cea7bf307f362057cc778efe89af4c615354https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.shhttps://usn.ubuntu.com/4425-1/https://usn.ubuntu.com/4426-1/https://usn.ubuntu.com/4439-1/https://usn.ubuntu.com/4440-1/https://www.openwall.com/lists/oss-security/2020/06/15/3http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.htmlhttp://www.openwall.com/lists/oss-security/2020/07/20/7http://www.openwall.com/lists/oss-security/2020/07/29/3http://www.openwall.com/lists/oss-security/2020/07/30/2http://www.openwall.com/lists/oss-security/2020/07/30/3https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75b0cea7bf307f362057cc778efe89af4c615354https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.shhttps://usn.ubuntu.com/4425-1/https://usn.ubuntu.com/4426-1/https://usn.ubuntu.com/4439-1/https://usn.ubuntu.com/4440-1/https://www.openwall.com/lists/oss-security/2020/06/15/3