CVE-2020-15780

CVSS v3.1 6.7 (Medium)

CVSS v2.0 7.2 (High)

EPSS 0.05 % (18^th)

Affected Products 3

Advisories 33

An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.

Weaknesses

CWE-862: Missing Authorization

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2020-07-15 22:15:14
(4 years ago)
Updated Date: 2022-04-27 15:44:41
(2 years ago)

Affected Products

Configuration #1

		CPE23	From	Up To
	Linux Kernel prior 5.7.7 version	cpe:2.3:o:linux:linux_kernel		< 5.7.7

Configuration #2

		CPE23	From	Up To
	Opensuse Leap 15.1	cpe:2.3:o:opensuse:leap:15.1
	Opensuse Leap 15.2	cpe:2.3:o:opensuse:leap:15.2

Configuration #3

		CPE23	From	Up To
	Canonical Ubuntu Linux 16.04	cpe:2.3:o:canonical:ubuntu_linux:16.04:::*:esm
	Canonical Ubuntu Linux 18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::*:lts
	Canonical Ubuntu Linux 20.04	cpe:2.3:o:canonical:ubuntu_linux:20.04:::*:lts

Weaknesses

Affected Products

Canonical

Linux

Opensuse

Configuration #1

Configuration #2

Configuration #3