CVE-2019-20908
kernel: lockdown: bypass through ACPI write via efivar_ssdt
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.
Se detectó un problema en el archivo drivers/firmware/efi/efi.c en el kernel de Linux versiones anteriores a 5.4. Permisos de acceso incorrectos para la variable efivar_ssdt ACPI podrían ser usados por atacantes para omitir el bloqueo o asegurar las restricciones de arranque, también se conoce como CID-1957a85b0032
A flaw was found in how the ACPI table loading through the EFI variable (and the related efivar_ssdt boot option) was handled when the Linux kernel was locked down. This flaw allows a (root) privileged local user to circumvent the kernel lockdown restrictions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-07-15 CVE Reserved
- 2020-07-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2020/07/20/6 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2020/07/29/3 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2020/07/30/2 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2020/07/30/3 | Mailing List |
|
| https://mailarchives.bentasker.co.uk/Mirrors/OSSSec/2020/06-Jun/msg00035.html | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html | 2021-07-21 | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4 | 2021-07-21 | |
| https://usn.ubuntu.com/4426-1 | 2021-07-21 | |
| https://usn.ubuntu.com/4427-1 | 2021-07-21 | |
| https://usn.ubuntu.com/4439-1 | 2021-07-21 | |
| https://usn.ubuntu.com/4440-1 | 2021-07-21 | |
| https://access.redhat.com/security/cve/CVE-2019-20908 | 2020-07-29 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1852942 | 2020-07-29 | |
| https://lore.kernel.org/linux-efi/20200615202408.2242614-1-pjones@redhat.com | 2020-07-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.4 Search vendor "Linux" for product "Linux Kernel" and version " < 5.4" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||