{"id":"USN-4395-1","summary":"fwupd vulnerability","details":"Justin Steven discovered that fwupd incorrectly handled certain signature\nverification. An attacker could possibly use this issue to install an unsigned\nfirmware.\n","modified":"2026-04-22T10:06:12.475958Z","published":"2020-06-15T13:23:34Z","related":["UBUNTU-CVE-2020-10759"],"upstream":["CVE-2020-10759","UBUNTU-CVE-2020-10759"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4395-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-10759"}],"affected":[{"package":{"name":"fwupd","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/fwupd@0.8.3-0ubuntu5.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.8.3-0ubuntu5.1"}]}],"versions":["0.1.5-0ubuntu3","0.6.0-1","0.6.2-1","0.6.2-1ubuntu1","0.6.2-1ubuntu2","0.6.2-1ubuntu3","0.6.3-0ubuntu2","0.7.0-0ubuntu2","0.7.0-0ubuntu3","0.7.0-0ubuntu4","0.7.0-0ubuntu4.1","0.7.0-0ubuntu4.2","0.7.0-0ubuntu4.3","0.8.3-0ubuntu2","0.8.3-0ubuntu3","0.8.3-0ubuntu4","0.8.3-0ubuntu5"],"ecosystem_specific":{"binaries":[{"binary_version":"0.8.3-0ubuntu5.1","binary_name":"fwupd"},{"binary_version":"0.8.3-0ubuntu5.1","binary_name":"libdfu1"},{"binary_version":"0.8.3-0ubuntu5.1","binary_name":"libfwupd1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[{"id":"CVE-2020-10759","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4395-1.json"}},{"package":{"name":"fwupd","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/fwupd@1.2.10-1ubuntu2~ubuntu18.04.5?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.2.10-1ubuntu2~ubuntu18.04.5"}]}],"versions":["0.9.7-2","1.0.0-4","1.0.0-5","1.0.1-2","1.0.2-1","1.0.4-3","1.0.4-3build1","1.0.5-1","1.0.6-2","1.0.9-0ubuntu2","1.2.10-1ubuntu2~ubuntu18.04.3"],"ecosystem_specific":{"binaries":[{"binary_version":"1.2.10-1ubuntu2~ubuntu18.04.5","binary_name":"fwupd"},{"binary_version":"1.2.10-1ubuntu2~ubuntu18.04.5","binary_name":"fwupd-amd64-signed-template"},{"binary_version":"1.2.10-1ubuntu2~ubuntu18.04.5","binary_name":"fwupd-arm64-signed-template"},{"binary_version":"1.2.10-1ubuntu2~ubuntu18.04.5","binary_name":"fwupd-armhf-signed-template"},{"binary_version":"1.2.10-1ubuntu2~ubuntu18.04.5","binary_name":"fwupd-i386-signed-template"},{"binary_version":"1.2.10-1ubuntu2~ubuntu18.04.5","binary_name":"fwupd-tests"},{"binary_version":"1.2.10-1ubuntu2~ubuntu18.04.5","binary_name":"gir1.2-fwupd-2.0"},{"binary_version":"1.2.10-1ubuntu2~ubuntu18.04.5","binary_name":"libfwupd2"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2020-10759","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4395-1.json"}},{"package":{"name":"fwupd","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/fwupd@1.3.9-4ubuntu0.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.9-4ubuntu0.1"}]}],"versions":["1.2.10-1ubuntu2","1.3.3-3","1.3.5-1","1.3.6-1ubuntu1","1.3.7-2","1.3.7-3","1.3.8-1","1.3.9-1","1.3.9-1build1","1.3.9-2","1.3.9-2build1","1.3.9-3","1.3.9-4"],"ecosystem_specific":{"binaries":[{"binary_version":"1.3.9-4ubuntu0.1","binary_name":"fwupd"},{"binary_version":"1.3.9-4ubuntu0.1","binary_name":"fwupd-amd64-signed-template"},{"binary_version":"1.3.9-4ubuntu0.1","binary_name":"fwupd-arm64-signed-template"},{"binary_version":"1.3.9-4ubuntu0.1","binary_name":"fwupd-armhf-signed-template"},{"binary_version":"1.3.9-4ubuntu0.1","binary_name":"fwupd-tests"},{"binary_version":"1.3.9-4ubuntu0.1","binary_name":"gir1.2-fwupd-2.0"},{"binary_version":"1.3.9-4ubuntu0.1","binary_name":"gir1.2-fwupdplugin-1.0"},{"binary_version":"1.3.9-4ubuntu0.1","binary_name":"libfwupd2"},{"binary_version":"1.3.9-4ubuntu0.1","binary_name":"libfwupdplugin1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:20.04:LTS","cves":[{"id":"CVE-2020-10759","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N"},{"type":"Ubuntu","score":"medium"}]}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4395-1.json"}}],"schema_version":"1.7.5"}