CVE-2020-15780
kernel: lockdown: bypass through ACPI write via acpi_configfs
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.
Se detectó un problema en el archivo drivers/acpi/acpi_configfs.c en el kernel de Linux versiones anteriores a 5.7.7. Una inyección de tablas ACPI maliciosas por medio de configfs podría ser usada por atacantes para omitir el bloqueo y asegurar las restricciones de arranque, también se conoce como CID-75b0cea7bf30
A flaw was found in how the ACPI table loading through acpi_configfs was handled when the kernel was locked down. This flaw allows a (root) privileged local user to circumvent the kernel lockdown restrictions. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-07-15 CVE Reserved
- 2020-07-15 CVE Published
- 2020-07-30 First Exploit
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-284: Improper Access Control
- CWE-862: Missing Authorization
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2020/07/29/3 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2020/07/30/2 | Mailing List |
|
| http://www.openwall.com/lists/oss-security/2020/07/30/3 | Mailing List |
|
| https://www.openwall.com/lists/oss-security/2020/06/15/3 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/Annavid/CVE-2020-15780-exploit | 2020-07-30 |
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html | 2022-04-27 | |
| http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html | 2022-04-27 | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7 | 2022-04-27 | |
| https://usn.ubuntu.com/4425-1 | 2022-04-27 | |
| https://usn.ubuntu.com/4426-1 | 2022-04-27 | |
| https://usn.ubuntu.com/4439-1 | 2022-04-27 | |
| https://usn.ubuntu.com/4440-1 | 2022-04-27 | |
| https://access.redhat.com/security/cve/CVE-2020-15780 | 2020-07-29 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1852962 | 2020-07-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | < 5.7.7 Search vendor "Linux" for product "Linux Kernel" and version " < 5.7.7" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.2 Search vendor "Opensuse" for product "Leap" and version "15.2" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Affected
| ||||||