6.9

CVE-2019-20908

An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 5.4
OpensuseLeap Version15.1
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.51% 0.396
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.7 0.8 5.9
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.9 3.4 10
AV:L/AC:M/Au:N/C:C/I:C/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://usn.ubuntu.com/4427-1/
Third Party Advisory
https://usn.ubuntu.com/4439-1/
Third Party Advisory
https://usn.ubuntu.com/4440-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00009.html
Third Party Advisory
Mailing List
https://usn.ubuntu.com/4426-1/
Third Party Advisory
http://www.openwall.com/lists/oss-security/2020/07/20/6
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2020/07/29/3
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2020/07/30/2
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2020/07/30/3
Third Party Advisory
Mailing List
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4
Vendor Advisory
Release Notes
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1957a85b0032a81e6482ca4aab883643b8dae06e
Patch
Vendor Advisory
https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language.sh
Patch
Third Party Advisory
https://mailarchives.bentasker.co.uk/Mirrors/OSSSec/2020/06-Jun/msg00035.html
Third Party Advisory
Mailing List