CVE-2020-26541 — Improper Verification of Cryptographic Signature in Linux

CWE-347 — Improper Verification of Cryptographic Signature21 documents10 sources

Severity

6.5MEDIUMNVD

OSV7.8

EPSS

0.1%

top 70.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Debian Linux Paloalto Pan-os +1 more

Timeline

PublishedOct 2

Latest updateFeb 14

Description

The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.6 | Impact: 5.9

Affected Packages6 packages

▶Debianlinux/linux_kernel< 5.10.70-1+3

▶Ubuntulinux/linux_kernel< 5.4.0-92.103+1

▶NVDlinux/linux_kernel5.8.13

▶debiandebian/linux< linux 5.14.6-1 (bookworm)

▶msrcmsrc/cm1_kernel_5.10.57.1-1_on_cbl_mariner_1.0

🔴Vulnerability Details

GHSA

GHSA-f823-qm69-5873: The Linux kernel through 5↗2022-05-24

▶

OSV

linux, linux-gcp, linux-gcp-5.4, linux-hwe-5.4 regression↗2022-01-12

▶

OSV

linux, linux-aws, linux-aws-5.4, linux-azure, linux-azure-5.4, linux-bluefield, linux-gcp, linux-gcp-5.4, linux-gke, linux-gke-5.4, linux-gkeop, linux-gkeop-5.4, linux-hwe-5.4, linux-ibm, linux-kvm, l↗2022-01-06

▶

OSV

linux-azure-5.8 vulnerabilities↗2021-10-21

▶

OSV

linux-oem-5.10 vulnerabilities↗2021-10-06

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS↗2024-02-14

▶

Ubuntu

Linux kernel regression↗2022-01-12

▶

Ubuntu

Linux kernel vulnerabilities↗2022-01-06

▶

Ubuntu

Linux kernel (Azure) vulnerabilities↗2021-10-21

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2021-10-06

▶

💬Community

Bugzilla

CVE-2020-26541 kernel: security bypass in certs/blacklist.c and certs/system_keyring.c [fedora-all]↗2020-10-08

▶

Bugzilla

CVE-2020-26541 kernel: security bypass in certs/blacklist.c and certs/system_keyring.c↗2020-10-08

▶