CVE Vulnerabilities

CVE-2019-20908

Published: Jul 15, 2020 | Modified: Jul 21, 2021
CVSS 3.x
6.7
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.9 MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
6.4 MODERATE
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM

An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.

Affected Software

Name Vendor Start Version End Version
Linux_kernel Linux * 5.4 (excluding)
Red Hat Enterprise Linux 8 RedHat kernel-rt-0:4.18.0-193.14.3.rt13.67.el8_2 *
Red Hat Enterprise Linux 8 RedHat kernel-0:4.18.0-193.14.3.el8_2 *
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions RedHat kernel-0:4.18.0-80.27.2.el8_0 *
Red Hat Enterprise Linux 8.1 Extended Update Support RedHat kernel-0:4.18.0-147.24.2.el8_1 *
Linux Ubuntu bionic *
Linux Ubuntu eoan *
Linux Ubuntu upstream *
Linux-aws Ubuntu bionic *
Linux-aws Ubuntu eoan *
Linux-aws Ubuntu upstream *
Linux-aws-5.0 Ubuntu bionic *
Linux-aws-5.0 Ubuntu esm-infra/bionic *
Linux-aws-5.0 Ubuntu upstream *
Linux-aws-5.15 Ubuntu upstream *
Linux-aws-5.3 Ubuntu bionic *
Linux-aws-5.3 Ubuntu upstream *
Linux-aws-5.4 Ubuntu upstream *
Linux-aws-6.8 Ubuntu upstream *
Linux-aws-fips Ubuntu fips-updates/bionic *
Linux-aws-fips Ubuntu fips/bionic *
Linux-aws-fips Ubuntu trusty *
Linux-aws-fips Ubuntu upstream *
Linux-aws-fips Ubuntu xenial *
Linux-aws-hwe Ubuntu upstream *
Linux-aws-hwe Ubuntu xenial *
Linux-azure Ubuntu bionic *
Linux-azure Ubuntu eoan *
Linux-azure Ubuntu esm-infra/bionic *
Linux-azure Ubuntu trusty *
Linux-azure Ubuntu trusty/esm *
Linux-azure Ubuntu upstream *
Linux-azure Ubuntu xenial *
Linux-azure-4.15 Ubuntu bionic *
Linux-azure-4.15 Ubuntu upstream *
Linux-azure-5.15 Ubuntu upstream *
Linux-azure-5.3 Ubuntu bionic *
Linux-azure-5.3 Ubuntu upstream *
Linux-azure-5.4 Ubuntu upstream *
Linux-azure-6.8 Ubuntu upstream *
Linux-azure-edge Ubuntu bionic *
Linux-azure-edge Ubuntu esm-infra/bionic *
Linux-azure-edge Ubuntu upstream *
Linux-azure-fde Ubuntu focal *
Linux-azure-fde Ubuntu upstream *
Linux-azure-fde-5.15 Ubuntu upstream *
Linux-azure-fips Ubuntu fips-updates/bionic *
Linux-azure-fips Ubuntu fips/bionic *
Linux-azure-fips Ubuntu trusty *
Linux-azure-fips Ubuntu upstream *
Linux-azure-fips Ubuntu xenial *
Linux-bluefield Ubuntu upstream *
Linux-dell300x Ubuntu upstream *
Linux-fips Ubuntu fips-updates/bionic *
Linux-fips Ubuntu fips/bionic *
Linux-fips Ubuntu upstream *
Linux-gcp Ubuntu bionic *
Linux-gcp Ubuntu eoan *
Linux-gcp Ubuntu esm-infra/bionic *
Linux-gcp Ubuntu upstream *
Linux-gcp Ubuntu xenial *
Linux-gcp-4.15 Ubuntu bionic *
Linux-gcp-4.15 Ubuntu upstream *
Linux-gcp-5.15 Ubuntu upstream *
Linux-gcp-5.3 Ubuntu bionic *
Linux-gcp-5.3 Ubuntu upstream *
Linux-gcp-5.4 Ubuntu upstream *
Linux-gcp-6.8 Ubuntu upstream *
Linux-gcp-edge Ubuntu bionic *
Linux-gcp-edge Ubuntu esm-infra/bionic *
Linux-gcp-edge Ubuntu upstream *
Linux-gcp-fips Ubuntu fips/bionic *
Linux-gcp-fips Ubuntu trusty *
Linux-gcp-fips Ubuntu upstream *
Linux-gcp-fips Ubuntu xenial *
Linux-gke Ubuntu focal *
Linux-gke Ubuntu upstream *
Linux-gke Ubuntu xenial *
Linux-gke-4.15 Ubuntu bionic *
Linux-gke-4.15 Ubuntu upstream *
Linux-gke-5.0 Ubuntu bionic *
Linux-gke-5.0 Ubuntu upstream *
Linux-gke-5.3 Ubuntu bionic *
Linux-gke-5.3 Ubuntu upstream *
Linux-gke-5.4 Ubuntu upstream *
Linux-gkeop Ubuntu upstream *
Linux-gkeop-5.15 Ubuntu upstream *
Linux-gkeop-5.4 Ubuntu upstream *
Linux-hwe Ubuntu bionic *
Linux-hwe Ubuntu upstream *
Linux-hwe Ubuntu xenial *
Linux-hwe-5.15 Ubuntu upstream *
Linux-hwe-5.4 Ubuntu upstream *
Linux-hwe-5.8 Ubuntu upstream *
Linux-hwe-6.8 Ubuntu upstream *
Linux-hwe-edge Ubuntu bionic *
Linux-hwe-edge Ubuntu esm-infra/bionic *
Linux-hwe-edge Ubuntu esm-infra/xenial *
Linux-hwe-edge Ubuntu upstream *
Linux-hwe-edge Ubuntu xenial *
Linux-ibm Ubuntu upstream *
Linux-ibm-5.15 Ubuntu upstream *
Linux-ibm-5.4 Ubuntu upstream *
Linux-intel Ubuntu upstream *
Linux-intel-iot-realtime Ubuntu upstream *
Linux-intel-iotg Ubuntu upstream *
Linux-intel-iotg-5.15 Ubuntu upstream *
Linux-iot Ubuntu upstream *
Linux-kvm Ubuntu bionic *
Linux-kvm Ubuntu eoan *
Linux-kvm Ubuntu upstream *
Linux-lowlatency Ubuntu upstream *
Linux-lowlatency-hwe-5.15 Ubuntu upstream *
Linux-lowlatency-hwe-6.8 Ubuntu upstream *
Linux-lts-trusty Ubuntu upstream *
Linux-lts-xenial Ubuntu upstream *
Linux-nvidia Ubuntu upstream *
Linux-nvidia-6.5 Ubuntu upstream *
Linux-nvidia-6.8 Ubuntu upstream *
Linux-nvidia-lowlatency Ubuntu upstream *
Linux-oem Ubuntu bionic *
Linux-oem Ubuntu eoan *
Linux-oem Ubuntu upstream *
Linux-oem Ubuntu xenial *
Linux-oem-5.10 Ubuntu upstream *
Linux-oem-5.6 Ubuntu upstream *
Linux-oem-6.11 Ubuntu upstream *
Linux-oem-6.8 Ubuntu upstream *
Linux-oem-osp1 Ubuntu bionic *
Linux-oem-osp1 Ubuntu eoan *
Linux-oem-osp1 Ubuntu upstream *
Linux-oracle Ubuntu bionic *
Linux-oracle Ubuntu eoan *
Linux-oracle Ubuntu upstream *
Linux-oracle Ubuntu xenial *
Linux-oracle-5.0 Ubuntu bionic *
Linux-oracle-5.0 Ubuntu esm-infra/bionic *
Linux-oracle-5.0 Ubuntu upstream *
Linux-oracle-5.15 Ubuntu upstream *
Linux-oracle-5.3 Ubuntu bionic *
Linux-oracle-5.3 Ubuntu upstream *
Linux-oracle-5.4 Ubuntu upstream *
Linux-oracle-6.8 Ubuntu upstream *
Linux-raspi Ubuntu upstream *
Linux-raspi-5.4 Ubuntu upstream *
Linux-raspi-realtime Ubuntu upstream *
Linux-raspi2 Ubuntu bionic *
Linux-raspi2 Ubuntu eoan *
Linux-raspi2 Ubuntu focal *
Linux-raspi2 Ubuntu upstream *
Linux-raspi2-5.3 Ubuntu bionic *
Linux-raspi2-5.3 Ubuntu upstream *
Linux-realtime Ubuntu jammy *
Linux-realtime Ubuntu upstream *
Linux-riscv Ubuntu jammy *
Linux-riscv Ubuntu upstream *
Linux-riscv-5.15 Ubuntu upstream *
Linux-riscv-6.8 Ubuntu upstream *
Linux-snapdragon Ubuntu bionic *
Linux-snapdragon Ubuntu upstream *
Linux-xilinx-zynqmp Ubuntu upstream *

References