Launchpad.net

CVE 2023-48733

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

CVE-2023-48733 (Candidate) is related to these bugs:

Bug #2040137: exposing the EFI shell in Secure Boot mode can lead to security bypass

		In	Importance	Status
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Focal)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Focal)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Noble)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Noble)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Jammy)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Jammy)	Undecided	New
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	edk2 (Ubuntu Mantic)	Undecided	Fix Released
2040137	exposing the EFI shell in Secure Boot mode can lead to security bypass	lxd (Ubuntu Mantic)	Undecided	New

Bug #2054273: [Debian] Medium CVE: CVE-2023-48733 edk2 OS-resident attacker to bypass Secure Boot

Summary				In	Importance	Status
	2054273	[Debian] Medium CVE: CVE-2023-48733 edk2 OS-resident attacker to bypass Secure Boot		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.