CVE-2020-26541

Advisory lineage Upstream: 0 Downstream: 27

Downstream

DEBIAN-CVE-2020-26541 MGASA-2021-0347 MGASA-2021-0348 OPENSUSE-SU-2022:2173-1 OPENSUSE-SU-2022:2177-1 RHSA-2021:2570

Modified

Published: 02 Oct 2020, 18:14

Last modified:04 Aug 2024, 15:56

Vulnerability Summary

Overall Risk (default)

medium

38/100

CVSS Score

6.9 MEDIUM

v2.0 (nvd)

EPSS Score

0.11% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

02 Oct 2020, 18:14

Published

Vulnerability first disclosed

04 Aug 2024, 15:56

Last Modified

Vulnerability information updated

Description

The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.

CVSS Metrics

v3.1•MEDIUM•Score: 6.5CVSS:3.1/AC:L/AV:L/A:H/C:H/I:H/PR:H/S:U/UI:R
v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
v2.0•MEDIUM•Score: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.11%• Percentile: 30%

Affected Systems

linux•linux_kernel
≤ 5.8.13

References (1)

https://lkml.org/lkml/2020/9/15/1871