CVE-2020-28407 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-28407 Interim 1 25 2026-03-05T05:38:39Z current 2021-08-11T01:14:53Z 2026-03-05T05:38:39Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-28407 In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP7 SUSE Linux Micro 6.0 SUSE Linux Micro 6.1 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed swtpm-0.10.0-160000.2.2 swtpm-0.5.2-1.20 swtpm-0.5.3-150300.3.3.1 swtpm-0.6.1-1.1 swtpm-0.7.3-150500.2.1 swtpm-0.8.0-1.86 swtpm-0.9.0-150700.1.4 swtpm-0.9.0-slfo.1.1_2.4 swtpm-devel-0.5.2-1.20 swtpm-devel-0.5.3-150300.3.3.1 swtpm-devel-0.6.1-1.1 swtpm-devel-0.9.0-150700.1.4 swtpm-selinux-0.10.0-160000.2.2 swtpm-selinux-0.6.1-1.1 swtpm-selinux-0.8.0-1.86 swtpm-selinux-0.9.0-slfo.1.1_2.4 swtpm-0.5.2-1.20 as a component of SUSE Linux Enterprise Micro 5.1 swtpm-0.5.2-1.20 as a component of SUSE Linux Enterprise Micro 5.2 swtpm-0.5.3-150300.3.3.1 as a component of SUSE Linux Enterprise Micro 5.3 swtpm-0.5.3-150300.3.3.1 as a component of SUSE Linux Enterprise Micro 5.4 swtpm-0.7.3-150500.2.1 as a component of SUSE Linux Enterprise Micro 5.5 swtpm-0.5.2-1.20 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 swtpm-devel-0.5.2-1.20 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 swtpm-0.5.3-150300.3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 swtpm-devel-0.5.3-150300.3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 swtpm-0.9.0-150700.1.4 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 swtpm-devel-0.9.0-150700.1.4 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP7 swtpm-0.10.0-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 swtpm-selinux-0.10.0-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 swtpm-0.8.0-1.86 as a component of SUSE Linux Micro 6.0 swtpm-selinux-0.8.0-1.86 as a component of SUSE Linux Micro 6.0 swtpm-0.9.0-slfo.1.1_2.4 as a component of SUSE Linux Micro 6.1 swtpm-selinux-0.9.0-slfo.1.1_2.4 as a component of SUSE Linux Micro 6.1 swtpm-0.5.2-1.20 as a component of openSUSE Leap 15.3 swtpm-0.5.3-150300.3.3.1 as a component of openSUSE Leap 15.4 swtpm-0.6.1-1.1 as a component of openSUSE Tumbleweed swtpm-devel-0.6.1-1.1 as a component of openSUSE Tumbleweed swtpm-selinux-0.6.1-1.1 as a component of openSUSE Tumbleweed In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall. CVE-2020-28407 SUSE Linux Enterprise Micro 5.1:swtpm-0.5.2-1.20 SUSE Linux Enterprise Micro 5.2:swtpm-0.5.2-1.20 SUSE Linux Enterprise Micro 5.3:swtpm-0.5.3-150300.3.3.1 SUSE Linux Enterprise Micro 5.4:swtpm-0.5.3-150300.3.3.1 SUSE Linux Enterprise Micro 5.5:swtpm-0.7.3-150500.2.1 SUSE Linux Enterprise Module for Server Applications 15 SP3:swtpm-0.5.2-1.20 SUSE Linux Enterprise Module for Server Applications 15 SP3:swtpm-devel-0.5.2-1.20 SUSE Linux Enterprise Module for Server Applications 15 SP4:swtpm-0.5.3-150300.3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:swtpm-devel-0.5.3-150300.3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP7:swtpm-0.9.0-150700.1.4 SUSE Linux Enterprise Module for Server Applications 15 SP7:swtpm-devel-0.9.0-150700.1.4 SUSE Linux Enterprise Server 16.0:swtpm-0.10.0-160000.2.2 SUSE Linux Enterprise Server 16.0:swtpm-selinux-0.10.0-160000.2.2 SUSE Linux Micro 6.0:swtpm-0.8.0-1.86 SUSE Linux Micro 6.0:swtpm-selinux-0.8.0-1.86 SUSE Linux Micro 6.1:swtpm-0.9.0-slfo.1.1_2.4 SUSE Linux Micro 6.1:swtpm-selinux-0.9.0-slfo.1.1_2.4 openSUSE Leap 15.3:swtpm-0.5.2-1.20 openSUSE Leap 15.4:swtpm-0.5.3-150300.3.3.1 openSUSE Tumbleweed:swtpm-0.6.1-1.1 openSUSE Tumbleweed:swtpm-devel-0.6.1-1.1 openSUSE Tumbleweed:swtpm-selinux-0.6.1-1.1 moderate 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L