CVE-2020-26541

Does not enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism

References

https://lkml.org/lkml/2020/9/15/1871
https://lore.kernel.org/lkml/20200916004927.64276-1-eric.snowberg@oracle.com/
https://lore.kernel.org/lkml/2660556.1610545213@warthog.procyon.org.uk/

Notes

 bwh> This is only relevant to kernel versions that support the
 bwh> UEFI Secure Boot key store and/or are themselves signed.
 carnil> The commit adds a new config option SYSTEM_REVOCATION_LIST to
 carnil> enable the facility.

Bugs

Status

Branch	Status
4.19-buster-security	needed
4.19-upstream-stable	N/A "Secure Boot key import not supported"
5.10-bullseye-security	released (5.10.70-1)
5.10-upstream-stable	released (5.10.47) [45109066f686597116467a53eaf4330450702a96]
6.1-bookworm-security	N/A "Fixed before branch point"
6.1-upstream-stable	N/A "Fixed before branch point"
6.6-upstream-stable	unknown
6.8-upstream-stable	unknown
sid	released (5.14.6-1)
upstream	released (5.13-rc1) [56c5812623f95313f6a46fbf0beee7fa17c68bbf]