CVE-2019-20908

Priority
Description
An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel
before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable
could be used by attackers to bypass lockdown or secure boot restrictions,
aka CID-1957a85b0032.
Ubuntu-Description
Jason A. Donenfeld discovered that the ACPI implementation in the Linux
kernel did not properly restrict loading SSDT code from an EFI variable. A
privileged attacker could use this to bypass Secure Boot lockdown
restrictions and execute arbitrary code in the kernel.
Notes
Package
Source: linux (LP Ubuntu Debian)
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (4.15.0-112.113)
Ubuntu 20.04 LTS:not-affected (5.4.0-9.12)
Ubuntu 16.04 ESM:not-affected (4.2.0-16.19)
Ubuntu 14.04 ESM:not-affected (3.11.0-12.19)
Patches:
Introduced by
475fb4e8b2f4444d1d7b406ff3a7d21bc89a1e6f
Fixed by
1957a85b0032a81e6482ca4aab883643b8dae06e
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (4.15.0-1079.83)
Ubuntu 20.04 LTS:not-affected (5.4.0-1005.5)
Ubuntu 16.04 ESM:not-affected (4.4.0-1001.10)
Ubuntu 14.04 ESM:not-affected (4.4.0-1002.2)
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (5.3.0-1032.34~18.04.2)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:not-affected (5.4.0-1018.18~18.04.1)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:DNE
Ubuntu 20.04 LTS:DNE
Ubuntu 16.04 ESM:released (4.15.0-1079.83~16.04.1)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:not-affected (5.4.0-1006.6)
Ubuntu 16.04 ESM:released (4.15.0-1092.102~16.04.1)
Ubuntu 14.04 ESM:released (4.15.0-1092.102~14.04.1)
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (4.15.0-1092.102)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (5.3.0-1034.35~18.04.1)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:not-affected (5.4.0-1020.20~18.04.1)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:not-affected (4.15.0-1005.8)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:not-affected (5.4.0-1005.5)
Ubuntu 16.04 ESM:released (4.15.0-1080.90~16.04.1)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (4.15.0-1080.90)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (5.3.0-1032.34~18.04.1)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:not-affected (5.4.0-1019.19~18.04.2)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (4.15.0-1066.69)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (5.0.0-1045.46)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (5.3.0-1032.34~18.04.1)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:not-affected (5.4.0-1025.25~18.04.1)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:DNE
Ubuntu 20.04 LTS:not-affected (5.4.0-1008.9)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:not-affected (5.4.0-1001.1)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (5.3.0-64.58~18.04.1)
Ubuntu 20.04 LTS:DNE
Ubuntu 16.04 ESM:released (4.15.0-112.113~16.04.1)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:not-affected (5.4.0-37.41~18.04.1)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:DNE
Ubuntu 20.04 LTS:not-affected (5.8.0-23.24~20.04.1)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:DNE
Ubuntu 16.04 ESM:ignored (was needs-triage now end-of-life)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (4.15.0-1071.72)
Ubuntu 20.04 LTS:not-affected (5.4.0-1004.4)
Ubuntu 16.04 ESM:not-affected (4.4.0-1004.9)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:DNE
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:DNE
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:not-affected (4.4.0-13.29~14.04.1)
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (4.15.0-1093.103)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:DNE
Ubuntu 20.04 LTS:not-affected (5.10.0-1008.9)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:DNE
Ubuntu 20.04 LTS:not-affected (5.6.0-1007.7)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (5.0.0-1065.70)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (4.15.0-1050.54)
Ubuntu 20.04 LTS:not-affected (5.4.0-1005.5)
Ubuntu 16.04 ESM:released (4.15.0-1050.54~16.04.1)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:ignored (was needs-triage now end-of-life)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (5.3.0-1030.32~18.04.1)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:not-affected (5.4.0-1019.19~18.04.1)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:DNE
Ubuntu 20.04 LTS:not-affected (5.4.0-1007.7)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:not-affected (5.4.0-1013.13~18.04.1)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (4.15.0-1067.71)
Ubuntu 20.04 LTS:ignored (was needs-triage now end-of-life)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (5.3.0-1030.32~18.04.2)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:DNE
Ubuntu 20.04 LTS:not-affected (5.4.0-24.28)
Ubuntu 14.04 ESM:DNE
Patches:
Package
Upstream:released (5.4~rc1)
Ubuntu 18.04 LTS:released (4.15.0-1083.91)
Ubuntu 20.04 LTS:DNE
Ubuntu 14.04 ESM:DNE
Patches:
More Information

Updated: 2022-04-13 13:54:04 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)