CVE-2020-15780
Publication date 15 July 2020
Last updated 24 July 2024
Ubuntu priority
An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.
From the Ubuntu Security Team
Jason A. Donenfeld discovered that the ACPI implementation in the Linux kernel did not properly restrict loading ACPI tables via configfs. A privileged attacker could use this to bypass Secure Boot lockdown restrictions and execute arbitrary code in the kernel.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| linux | ||
| 20.04 LTS focal |
Fixed 5.4.0-42.46
|
|
| 18.04 LTS bionic |
Fixed 4.15.0-112.113
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| linux-aws | ||
| 20.04 LTS focal |
Fixed 5.4.0-1020.20
|
|
| 18.04 LTS bionic |
Fixed 4.15.0-1079.83
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty |
Not affected
|
|
| linux-aws-5.0 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.3.0-1032.34~18.04.2
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.4.0-1020.20~18.04.2
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-aws-hwe | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial |
Fixed 4.15.0-1079.83~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-azure | ||
| 20.04 LTS focal |
Fixed 5.4.0-1022.22
|
|
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial |
Fixed 4.15.0-1092.102~16.04.1
|
|
| 14.04 LTS trusty |
Fixed 4.15.0-1092.102~14.04.1
|
|
| linux-azure-4.15 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 4.15.0-1092.102
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.3.0-1034.35~18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.4.0-1022.22~18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-azure-edge | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-dell300x | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp | ||
| 20.04 LTS focal |
Fixed 5.4.0-1021.21
|
|
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial |
Fixed 4.15.0-1080.90~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-gcp-4.15 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 4.15.0-1080.90
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.3.0-1032.34~18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.4.0-1021.21~18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gcp-edge | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke-4.15 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 4.15.0-1066.69
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke-5.0 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.0.0-1045.46
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.3.0-1032.34~18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gke-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gkeop | ||
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-gkeop-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.3.0-64.58~18.04.1
|
|
| 16.04 LTS xenial |
Fixed 4.15.0-112.113~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-hwe-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.4.0-42.46~18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe-5.8 | ||
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-hwe-edge | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-kvm | ||
| 20.04 LTS focal |
Fixed 5.4.0-1020.20
|
|
| 18.04 LTS bionic |
Fixed 4.15.0-1071.72
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| linux-lts-trusty | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-lts-xenial | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty |
Not affected
|
|
| linux-oem | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 4.15.0-1093.103
|
|
| 16.04 LTS xenial | Ignored | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-5.10 | ||
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-5.6 | ||
| 20.04 LTS focal |
Fixed 5.6.0-1031.32
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oem-osp1 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.0.0-1065.70
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle | ||
| 20.04 LTS focal |
Fixed 5.4.0-1021.21
|
|
| 18.04 LTS bionic |
Fixed 4.15.0-1050.54
|
|
| 16.04 LTS xenial |
Fixed 4.15.0-1050.54~16.04.1
|
|
| 14.04 LTS trusty | Not in release | |
| linux-oracle-5.0 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic | Ignored | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.3.0-1030.32~18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-oracle-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.4.0-1021.21~18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-raspi | ||
| 20.04 LTS focal |
Fixed 5.4.0-1015.15
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-raspi-5.4 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.4.0-1015.15~18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-raspi2 | ||
| 20.04 LTS focal | Ignored | |
| 18.04 LTS bionic |
Fixed 4.15.0-1067.71
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| linux-raspi2-5.3 | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 5.3.0-1030.32~18.04.2
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-riscv | ||
| 20.04 LTS focal |
Fixed 5.4.0-30.34
|
|
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| linux-snapdragon | ||
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Fixed 4.15.0-1083.91
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release |
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProNotes
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.7 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | High |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-4425-1
- Linux kernel vulnerabilities
- 27 July 2020
- USN-4426-1
- Linux kernel vulnerabilities
- 27 July 2020
- USN-4439-1
- Linux kernel vulnerabilities
- 27 July 2020
- USN-4440-1
- linux kernel vulnerabilities
- 31 July 2020
Other references
- https://www.openwall.com/lists/oss-security/2020/06/15/3
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.7
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=75b0cea7bf307f362057cc778efe89af4c615354
- https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh
- https://www.cve.org/CVERecord?id=CVE-2020-15780