PT-2019-5798 · Linux+5 · Linux Kernel+5

Jason A. Donenfeld

Published

2019-08-19

Updated

2021-07-21

CVE-2019-20908

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.4

Description An issue in the Linux kernel's drivers/firmware/efi/efi.c allows attackers to bypass lockdown or secure boot restrictions due to incorrect access permissions for the efivar ssdt ACPI variable. This could be exploited to circumvent security features.

Recommendations For Linux kernel versions prior to 5.4, update to version 5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the efivar ssdt ACPI variable to minimize the risk of exploitation.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

ALT-PU-2019-3291

ALT-PU-2019-3343

ALT-PU-2019-3369

ALT-PU-2020-1198

ALT-PU-2020-1421

ALT-PU-2020-1450

ALT-PU-2020-1501

ALT-PU-2020-1714

ALT-PU-2020-2410

ALT-PU-2020-2433

ALT-PU-2021-1870

BDU:2021-02590

CESA-2020_3218

CESA-2020_3219

CVE-2019-20908

OPENSUSE-SU-2020:1153-1

OPENSUSE-SU-2020_1153-1

RHSA-2020:3218

RHSA-2020:3219

RHSA-2020:3222

RHSA-2020:3228

RHSA-2020_3218

RHSA-2020_3219

SUSE-SU-2020:2103-1

SUSE-SU-2020:2106-1

SUSE-SU-2020:2107-1

SUSE-SU-2020:2119-1

SUSE-SU-2020:2121-1

SUSE-SU-2020:2122-1

SUSE-SU-2020:2478-1

SUSE-SU-2020:2487-1

USN-4426-1

USN-4427-1

USN-4439-1

USN-4440-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2019-5798 · Linux+5 · Linux Kernel+5

CVE-2019-20908

Weakness Enumeration

Related Identifiers

Affected Products

References · 416