CVE-2020-26541

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-26541

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26541.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-26541

Downstream

DEBIAN-CVE-2020-26541

RHSA-2021:2570

RHSA-2021:2599

RHSA-2021:2666

RHSA-2021:2718

RHSA-2021:2719

SUSE-SU-2022:2104-1

SUSE-SU-2022:2111-1

SUSE-SU-2022:2172-1

SUSE-SU-2022:2173-1

SUSE-SU-2022:2177-1

SUSE-SU-2022:2377-1

SUSE-SU-2022:2382-1

SUSE-SU-2022:2393-1

SUSE-SU-2022:2407-1

SUSE-SU-2022:2629-1

SUSE-SU-2022:4561-1

SUSE-SU-2022:4611-1

UBUNTU-CVE-2020-26541

USN-5070-1

USN-5106-1

USN-5120-1

USN-5210-1

openSUSE-SU-2022:2173-1

openSUSE-SU-2022:2177-1

Related

Published

2020-10-02T19:15:13Z

Modified

2025-08-09T20:01:26Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.

References

https://lkml.org/lkml/2020/9/15/1871

Affected packages