CVE-2019-20908

MEDIUM

Linux Kernel <5.4 - Privilege Escalation

Title source: llm
STIX 2.1

Description

An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.

References (13)

Core 13
Core References
Mailing List, Third Party Advisory x_refsource_misc
https://mailarchives.bentasker.co.uk/Mirrors/OSSSec/2020/06-Jun/msg00035.html
Release Notes, Vendor Advisory x_refsource_misc
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/07/20/6
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4427-1/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/07/29/3
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/07/30/3
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/07/30/2
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4439-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4426-1/
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4440-1/
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html

Scores

CVSS v3 6.7
EPSS 0.0002
EPSS Percentile 6.1%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (4)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
linux/linux_kernel < 5.4
opensuse/leap 15.1
Published Jul 15, 2020
Tracked Since Feb 18, 2026