Canonical Fixes Secure Boot Bypass Flaw
Numerous Ubuntu installations have been subject to two particular vulnerabilities (CVE-2019-20908 and CVE-2020-15780) that could allow an attacker to bypass Secure Boot restrictions and execute binary code within the confines of the Linux kernel. Affected Ubuntu releases include those running kernel 4.15 and 5.4, so 14.04 ESM, 16.04, 16.04.6, 18.04, 18.04.4, and 20.04.
The CVE-2019-20908 (kernels 4.4.0 and 4.15.0) vulnerability was discovered to include incorrect access permissions for the efivar_ssdt ACPI variable. This vulnerability was listed as a medium priority.
The CVE-2020-15780 (kernel 5.4) vulnerability was discovered to allow the injection of malicious ACPI tables, via configfs, which could then be used by attackers to bypass lockdown and secure boot restrictions. This vulnerability was also listed as medium priority.
This particular security patch also fixes four other vulnerabilities:
- CVE-2020-11935 (affects all supported Ubuntu releases) which could allow an attacker to cause a DOS (Denial Of Service) attack.
- CVE-2019-16089 and CVE-2019-19462, both of which could allow an attacker to cause a DOS attack via the network block device and kernel user space relay implementations.
- CV-2020-10757 which would allow an attacker to access DAX storage to gain admin privileges.
It is important for any admin who manages affected Ubuntu systems to update immediately.