Vulnerability Name:

CVE-2020-26541 (CCN-189232)

Assigned:2020-09-15
Published:2020-09-15
Updated:2020-10-05
Summary:The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.
CVSS v3 Severity:6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
6.5 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
5.7 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): High
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
CWE-200
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2020-26541

Source: XF
Type: UNKNOWN
linux-kernel-cve202026541-sec-bypass(189232)

Source: CCN
Type: LKML Web site
certs: Add EFI_CERT_X509_GUID support for dbx entries

Source: MISC
Type: Exploit, Vendor Advisory
https://lkml.org/lkml/2020/9/15/1871

Source: CCN
Type: IBM Security Bulletin 6381344 (Elastic Storage Server)
There are multiple vulnerabilities in the Linux Kernel used in IBM Elastic Storage System

Vulnerable Configuration:Configuration 1:
  • cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:* (Version <= 5.8.13)

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/a:redhat:enterprise_linux:8::nfv:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/a:redhat:enterprise_linux:8::realtime:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:5.8.13:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:elastic_storage_server:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:elastic_storage_server:6.0.1.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:4737
    P
    		Security update for the Linux Kernel (Important)
    2022-08-02
    oval:org.opensuse.security:def:125755
    P
    		Security update for the Linux Kernel (Important)
    2022-07-14
    oval:org.opensuse.security:def:126919
    P
    		Security update for the Linux Kernel (Important)
    2022-07-14
    oval:org.opensuse.security:def:125116
    P
    		Security update for the Linux Kernel (Important)
    2022-07-14
    oval:org.opensuse.security:def:127316
    P
    		Security update for the Linux Kernel (Important)
    2022-07-14
    oval:org.opensuse.security:def:125375
    P
    		Security update for the Linux Kernel (Important)
    2022-07-14
    oval:org.opensuse.security:def:6097
    P
    		Security update for the Linux Kernel (Important)
    2022-07-13
    oval:org.opensuse.security:def:6344
    P
    		Security update for the Linux Kernel (Important)
    2022-07-13
    oval:org.opensuse.security:def:5294
    P
    		Security update for the Linux Kernel (Important)
    2022-07-13
    oval:org.opensuse.security:def:4300
    P
    		Security update for the Linux Kernel (Important)
    2022-07-13
    oval:org.opensuse.security:def:4642
    P
    		Security update for the Linux Kernel (Important)
    2022-07-13
    oval:org.opensuse.security:def:6096
    P
    		Security update for the Linux Kernel (Important)
    2022-07-12
    oval:org.opensuse.security:def:42399
    P
    		Security update for the Linux Kernel (Important)
    2022-06-24
    oval:org.opensuse.security:def:1597
    P
    		Security update for the Linux Kernel (Important)
    2022-06-24
    oval:org.opensuse.security:def:43636
    P
    		Security update for the Linux Kernel (Important)
    2022-06-24
    oval:org.opensuse.security:def:1239
    P
    		Security update for the Linux Kernel (Important)
    2022-06-24
    oval:org.opensuse.security:def:535
    P
    		Security update for the Linux Kernel (Important)
    2022-06-24
    oval:org.opensuse.security:def:42400
    P
    		Security update for the Linux Kernel (Important)
    2022-06-24
    oval:org.opensuse.security:def:1755
    P
    		Security update for the Linux Kernel (Important)
    2022-06-24
    oval:org.opensuse.security:def:42303
    P
    		Security update for the Linux Kernel (Important)
    2022-06-24
    oval:org.opensuse.security:def:1387
    P
    		Security update for the Linux Kernel (Important)
    2022-06-24
    oval:org.opensuse.security:def:1810
    P
    		Security update for the Linux Kernel (Important)
    2022-06-24
    oval:org.opensuse.security:def:919
    P
    		Security update for the Linux Kernel (Important)
    2022-06-24
    oval:org.opensuse.security:def:42304
    P
    		Security update for the Linux Kernel (Important)
    2022-06-24
    oval:org.opensuse.security:def:1562
    P
    		Security update for the Linux Kernel (Important)
    2022-06-24
    oval:org.opensuse.security:def:43635
    P
    		Security update for the Linux Kernel (Important)
    2022-06-24
    oval:org.opensuse.security:def:1182
    P
    		Security update for the Linux Kernel (Important)
    2022-06-24
    oval:org.opensuse.security:def:531
    P
    		Security update for the Linux Kernel (Important)
    2022-06-17
    oval:org.opensuse.security:def:118737
    P
    		Security update for the Linux Kernel (Important)
    2022-06-16
    oval:org.opensuse.security:def:119607
    P
    		Security update for the Linux Kernel (Important)
    2022-06-16
    oval:org.opensuse.security:def:118927
    P
    		Security update for the Linux Kernel (Important)
    2022-06-16
    oval:org.opensuse.security:def:118189
    P
    		Security update for the Linux Kernel (Important)
    2022-06-16
    oval:org.opensuse.security:def:119232
    P
    		Security update for the Linux Kernel (Important)
    2022-06-16
    oval:org.opensuse.security:def:118647
    P
    		Security update for the Linux Kernel (Important)
    2022-06-16
    oval:org.opensuse.security:def:119422
    P
    		Security update for the Linux Kernel (Important)
    2022-06-16
    oval:com.redhat.rhsa:def:20212570
    P
    		RHSA-2021:2570: kernel security and bug fix update (Important)
    2021-06-29
    oval:com.redhat.rhsa:def:20212599
    P
    		RHSA-2021:2599: kernel-rt security and bug fix update (Important)
    2021-06-29
    BACK
    linux linux kernel *
    linux linux kernel 5.8.13
    ibm elastic storage server 6.0.0
    ibm elastic storage server 6.0.1.1