I discussed this with Multipass and added them to the bug.
Multipass believes they are unaffected as they use EDK2 from source with no special configurations.
Regardless, Multipass is meant for development and their Security Policy states that privilege escalation does not apply to their security scope: https://multipass.run/docs/about-security
I discussed this with Multipass and added them to the bug.
Multipass believes they are unaffected as they use EDK2 from source with no special configurations.
Regardless, Multipass is meant for development and their Security Policy states that privilege escalation does not apply to their security scope: https:/ /multipass. run/docs/ about-security