CVE-2020-15780

MEDIUM

Linux Kernel < 5.7.7 - Missing Authorization

Title source: rule

Description

An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.

Exploits (1)

nomisec WORKING POC

by Annavid · poc

https://github.com/Annavid/CVE-2020-15780-exploit

View Code ZIP pw:eip

References (14)

Core 14

Core References

Patch, Third Party Advisory x_refsource_misc

https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh

Mailing List, Third Party Advisory x_refsource_misc

https://www.openwall.com/lists/oss-security/2020/06/15/3

Patch, Vendor Advisory x_refsource_misc

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75b0cea7bf307f362057cc778efe89af4c615354

Release Notes, Vendor Advisory x_refsource_misc

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2020/07/20/7

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2020/07/29/3

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2020/07/30/3

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2020/07/30/2

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4425-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4439-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4426-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4440-1/

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html

Scores

CVSS v3 6.7

EPSS 0.0069

EPSS Percentile 72.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-862

Status published

Products (6)

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 20.04

linux/linux_kernel < 5.7.7

opensuse/leap 15.1

opensuse/leap 15.2

Published Jul 15, 2020

Tracked Since Feb 18, 2026