CVE 2023-48733
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.
Related bugs and status
CVE-2023-48733 (Candidate) is related to these bugs:
Bug #2040137: exposing the EFI shell in Secure Boot mode can lead to security bypass
Bug #2054273: [Debian] Medium CVE: CVE-2023-48733 edk2 OS-resident attacker to bypass Secure Boot
Bug | Summary | In | Importance | Status
---|---|---|---|---
2054273 | [Debian] Medium CVE: CVE-2023-48733 edk2 OS-resident attacker to bypass Secure Boot | StarlingX | High | Fix Released
See the CVE page on Mitre.org for more details.