SB2020073051 - Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions update for kernel
Published: July 30, 2020 Updated: December 28, 2023
Description
This security bulletin contains information about 3 vulnerabilities.
1) Incorrect default permissions (CVE-ID: CVE-2019-20908)
CWE-ID: CWE-276 - Incorrect Default Permissions
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local privileged user to execute arbitrary code.
An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or secure boot restrictions, aka CID-1957a85b0032.
2) Out-of-bounds Write (CVE-ID: CVE-2020-10713)
CWE-ID: CWE-787 - Out-of-bounds write
CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local attacker to compromise a vulnerable system.
The vulnerability exists due to a "BootHole" issue. An attacker with physical access can install persistent and stealthy bootkits or malicious bootloaders, trigger an out-of-bounds write and execute arbitrary code on the target system.
3) Improper Authorization (CVE-ID: CVE-2020-15780)
CWE-ID: CWE-285 - Improper Authorization
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
The vulnerability allows a local user to bypass authorization checks.
The vulnerability exists due to improper authorization in drivers/acpi/acpi_configfs.c. A local administrator can inject malicious ACPI tables via configfs to bypass lockdown and secure boot restrictions.
Remediation
Install the update from the vendor's website.