CVE-2020-15780

MEDIUM

Linux Kernel < 5.7.7 - Missing Authorization via ACPI Table Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-15780. PoCs published by Annavid.

AI-analyzed exploit summary This repository contains two exploit scripts for CVE-2020-15780, which leverage ACPI table injection to disable kernel lockdown, allowing unsigned kernel modules to be loaded on systems with Secure Boot enabled. The scripts target different kernel versions and use distinct techniques to achieve privilege escalation.

Description

An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.

Exploits (1)

nomisec WORKING POC

by Annavid · poc

https://github.com/Annavid/CVE-2020-15780-exploit

View Code ZIP pw:eip

This repository contains two exploit scripts for CVE-2020-15780, which leverage ACPI table injection to disable kernel lockdown, allowing unsigned kernel modules to be loaded on systems with Secure Boot enabled. The scripts target different kernel versions and use distinct techniques to achieve privilege escalation.

Classification

Working Poc 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Linux Kernel (Ubuntu 18.04 Bionic with custom patches and mainline/upstream kernels)

Auth required

Prerequisites: Root access to execute the script · ACPI configfs module available · iasl (ACPI compiler) installed

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1548.002 - Bypass User Account Control

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14

Core References

Patch, Third Party Advisory x_refsource_misc

https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh

Mailing List, Third Party Advisory x_refsource_misc

https://www.openwall.com/lists/oss-security/2020/06/15/3

Patch, Vendor Advisory x_refsource_misc

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75b0cea7bf307f362057cc778efe89af4c615354

Release Notes, Vendor Advisory x_refsource_misc

https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2020/07/20/7

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2020/07/29/3

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2020/07/30/3

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2020/07/30/2

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4425-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4439-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4426-1/

Third Party Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/4440-1/

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00047.html

Scores

CVSS v3 6.7

EPSS 0.0131

EPSS Percentile 67.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-862

Status published

Products (6)

canonical/ubuntu_linux 16.04

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 20.04

linux/linux_kernel < 5.7.7

opensuse/leap 15.1

opensuse/leap 15.2

Published Jul 15, 2020

Tracked Since Feb 18, 2026