CVE-2023-48733

Summary

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

Affected Software

VendorProductVersion RangeStatus
Canonical Ltd.Ubuntu EDK II0 < 2023.05-2ubuntu0.1affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References