[Debian] Medium CVE: CVE-2023-48733 edk2 OS-resident attacker to bypass Secure Boot
Bug #2054273 reported by
Yue Tao
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Peng Zhang |
Bug Description
CVE-2023-48733: https:/
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.
Base Score: Medium
Reference:
['ovmf_
https:/
CVE References
Changed in starlingx: | |
assignee: | nobody → Peng Zhang (pzhang2) |
To post a comment you must log in.
Fix proposed to branch: master /review. opendev. org/c/starlingx /tools/ +/910127
Review: https:/