CVE-2023-49721
6.7
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Canonical Ltd. | LXD | 0 | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
- https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139
- https://nvd.nist.gov/vuln/detail/CVE-2023-48733
- https://www.openwall.com/lists/oss-security/2024/02/14/4
- https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139
- https://nvd.nist.gov/vuln/detail/CVE-2023-48733
- https://www.openwall.com/lists/oss-security/2024/02/14/4
- https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.