CVE-2020-10759
Description
A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because the Linux Vendor Firmware Service (LVFS) is either not implemented or not enabled in versions of fwupd shipped with Red Hat Enterprise Linux 7 and 8. The highest threat from this vulnerability is to confidentiality and integrity.
Risk Information
Base Score
6.0
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.007
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Firmware update daemon (USN-4395-1) fwupd_0.8.3-0ubuntu5.1_i386.deb | Linux |
| Firmware update daemon (USN-4395-1) fwupd_0.8.3-0ubuntu5.1_amd64.deb | Linux |
| Firmware update daemon (USN-4395-1) fwupd_1.3.9-4ubuntu0.1_amd64.deb | Linux |
| Firmware update daemon (USN-4395-1) fwupd_1.2.10-1ubuntu4.1_i386.deb | Linux |
| Firmware update daemon (USN-4395-1) fwupd_1.2.10-1ubuntu4.1_amd64.deb | Linux |
| Firmware update daemon (USN-4395-1) fwupd_1.2.10-1ubuntu2~ubuntu18.04.5_i386.deb | Linux |
| Firmware update daemon (USN-4395-1) fwupd_1.2.10-1ubuntu2~ubuntu18.04.5_amd64.deb | Linux |
| Firmware update daemon (USN-4395-1) libfwupd1_0.8.3-0ubuntu5.1_i386.deb | Linux |
| Firmware update daemon (USN-4395-1) libfwupd1_0.8.3-0ubuntu5.1_amd64.deb | Linux |
| Firmware update daemon (USN-4395-1) libfwupd2_1.3.9-4ubuntu0.1_amd64.deb | Linux |
| Firmware update daemon (USN-4395-1) libfwupd2_1.2.10-1ubuntu4.1_i386.deb | Linux |
| Firmware update daemon (USN-4395-1) libfwupd2_1.2.10-1ubuntu4.1_amd64.deb | Linux |
| Firmware update daemon (USN-4395-1) libfwupd2_1.2.10-1ubuntu2~ubuntu18.04.5_i386.deb | Linux |
| Firmware update daemon (USN-4395-1) libfwupd2_1.2.10-1ubuntu2~ubuntu18.04.5_amd64.deb | Linux |
| (RHSA-2020:4436) gnome-software and fwupd security, bug fix, and enhancement update appstream-data-8-20200724.el8.noarch.rpm | Linux |
| (RHSA-2020:4436) gnome-software and fwupd security, bug fix, and enhancement update fwupd-1.4.2-4.el8.x86_64.rpm | Linux |
| (RHSA-2020:4436) gnome-software and fwupd security, bug fix, and enhancement update fwupd-debugsource-1.4.2-4.el8.x86_64.rpm | Linux |
| (RHSA-2020:4436) gnome-software and fwupd security, bug fix, and enhancement update gnome-software-3.36.1-4.el8.x86_64.rpm | Linux |
| (RHSA-2020:4436) gnome-software and fwupd security, bug fix, and enhancement update gnome-software-debugsource-3.36.1-4.el8.x86_64.rpm | Linux |
| (RHSA-2020:4436) gnome-software and fwupd security, bug fix, and enhancement update libxmlb-0.1.15-1.el8.i686.rpm | Linux |
| (RHSA-2020:4436) gnome-software and fwupd security, bug fix, and enhancement update libxmlb-0.1.15-1.el8.x86_64.rpm | Linux |
| (RHSA-2020:4436) gnome-software and fwupd security, bug fix, and enhancement update libxmlb-debugsource-0.1.15-1.el8.i686.rpm | Linux |
| (RHSA-2020:4436) gnome-software and fwupd security, bug fix, and enhancement update libxmlb-debugsource-0.1.15-1.el8.x86_64.rpm | Linux |
| (RHSA-2020:4436) Low: gnome-software and fwupd security, bug fix, and enhancement update fwupd-debuginfo-1.4.2-4.el8.x86_64.rpm | Linux |
| (RHSA-2020:4436) Low: gnome-software and fwupd security, bug fix, and enhancement update gnome-software-debuginfo-3.36.1-4.el8.x86_64.rpm | Linux |
| (RHSA-2020:4436) Low: gnome-software and fwupd security, bug fix, and enhancement update libxmlb-debuginfo-0.1.15-1.el8.i686.rpm | Linux |
| (RHSA-2020:4436) Low: gnome-software and fwupd security, bug fix, and enhancement update libxmlb-debuginfo-0.1.15-1.el8.x86_64.rpm | Linux |
| (RHSA-2020:4436) Low: gnome-software and fwupd security, bug fix, and enhancement update libxmlb-tests-debuginfo-0.1.15-1.el8.i686.rpm | Linux |
| (RHSA-2020:4436) Low: gnome-software and fwupd security, bug fix, and enhancement update libxmlb-tests-debuginfo-0.1.15-1.el8.x86_64.rpm | Linux |
| gnome-software and fwupd security, bug fix, and enhancement update (RLSA-2020:4436) libxmlb-0.1.15-1.el8.i686.rpm | Linux |
| gnome-software and fwupd security, bug fix, and enhancement update (RLSA-2020:4436) libxmlb-0.1.15-1.el8.x86_64.rpm | Linux |
| gnome-software and fwupd security, bug fix, and enhancement update (RLSA-2020:4436) appstream-data-8-20200724.el8.noarch.rpm | Linux |
| Appstream-data update (ELSA-2020-4436) appstream-data-8-20200724.el8.noarch.rpm | Linux |
| Fwupd update (ELSA-2020-4436) fwupd-1.4.2-4.0.1.el8.x86_64.rpm | Linux |
| Gnome-software update (ELSA-2020-4436) gnome-software-3.36.1-4.el8.x86_64.rpm | Linux |
| Libxmlb update (ELSA-2020-4436) libxmlb-0.1.15-1.el8.i686.rpm | Linux |
| Libxmlb update (ELSA-2020-4436) libxmlb-0.1.15-1.el8.x86_64.rpm | Linux |
| Low: gnome-software and fwupd security, bug fix, and enhancement update libxmlb-0.1.15-1.el8.x86_64.rpm | Linux |
| Low: gnome-software and fwupd security, bug fix, and enhancement update appstream-data-8-20200724.el8.noarch.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234