CVE-2020-26541

Medium

6.5/10

Summary

The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: HIGH
Confidentiality Impact: HIGH
Availability Impact: HIGH

References

Advisory Timeline

Published Oct 02, 2020

CVE-2020-26541

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS