Vulnerabilities > CVE-2020-15780 - Missing Authorization vulnerability in multiple products

047910
CVSS 6.7 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
linux
opensuse
canonical
CWE-862

Summary

An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30.

Vulnerable Configurations

Part Description Count
OS
Linux
4551
OS
Opensuse
2
OS
Canonical
3

Common Weakness Enumeration (CWE)

References