CVE-2023-48733

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-48733

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-48733.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-48733

Downstream

DLA-3852-1

DSA-5624-1

UBUNTU-CVE-2023-48733

USN-6638-1

openSUSE-SU-2024:13807-1

Related

openSUSE-SU-2024:13807-1

Published

2024-02-14T22:15:47Z

Modified

2025-09-05T06:07:20.203819Z

Summary

[none]

Details

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

References

Affected packages

Debian:11 / edk2

Package

Name: edk2
Purl: pkg:deb/debian/edk2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2020.11-2+deb11u2

Affected versions

2020.*

2020.11-2

2020.11-2+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / edk2

Package

Name: edk2
Purl: pkg:deb/debian/edk2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2022.11-6+deb12u1

Affected versions

2022.*

2022.11-6

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / edk2

Package

Name: edk2
Purl: pkg:deb/debian/edk2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2023.11-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / edk2

Package

Name: edk2
Purl: pkg:deb/debian/edk2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2023.11-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/canonical/lxd

Affected ranges

Type: GIT
Repo: https://github.com/canonical/lxd
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

1e1349e3cbf30c1b2ce74e531d4dd0fd52c45be1

Last affected

761d134ceabd306f57acfb0ca51f59b03751a5b0

Affected versions

lxd-0.*

lxd-0.1

lxd-0.10

lxd-0.11

lxd-0.12

lxd-0.13

lxd-0.14

lxd-0.15

lxd-0.16

lxd-0.17

lxd-0.18

lxd-0.19

lxd-0.2

lxd-0.20

lxd-0.21

lxd-0.22

lxd-0.23

lxd-0.24

lxd-0.25

lxd-0.26

lxd-0.27

lxd-0.3

lxd-0.4

lxd-0.5

lxd-0.6

lxd-0.7

lxd-0.8

lxd-0.8.1

lxd-0.9

lxd-2.*

lxd-2.0.0

lxd-2.0.0.beta1

lxd-2.0.0.beta2

lxd-2.0.0.beta3

lxd-2.0.0.beta4

lxd-2.0.0.rc1

lxd-2.0.0.rc2

lxd-2.0.0.rc3

lxd-2.0.0.rc4

lxd-2.0.0.rc5

lxd-2.0.0.rc6

lxd-2.0.0.rc7

lxd-2.0.0.rc8

lxd-2.0.0.rc9

lxd-2.1

lxd-2.10

lxd-2.10.1

lxd-2.11

lxd-2.12

lxd-2.13

lxd-2.14

lxd-2.15

lxd-2.16

lxd-2.17

lxd-2.18

lxd-2.19

lxd-2.2

lxd-2.20

lxd-2.21

lxd-2.3

lxd-2.4

lxd-2.4.1

lxd-2.5

lxd-2.6

lxd-2.6.1

lxd-2.6.2

lxd-2.7

lxd-2.8

lxd-2.9

lxd-2.9.1

lxd-2.9.2

lxd-2.9.3

lxd-3.*

lxd-3.0.0

lxd-3.0.0.beta1

lxd-3.0.0.beta2

lxd-3.0.0.beta3

lxd-3.0.0.beta4

lxd-3.0.0.beta5

lxd-3.0.0.beta6

lxd-3.0.0.beta7

lxd-3.1

lxd-3.10

lxd-3.11

lxd-3.12

lxd-3.13

lxd-3.14

lxd-3.15

lxd-3.16

lxd-3.17

lxd-3.18

lxd-3.19

lxd-3.2

lxd-3.20

lxd-3.21

lxd-3.22

lxd-3.23

lxd-3.3

lxd-3.4

lxd-3.5

lxd-3.6

lxd-3.7

lxd-3.8

lxd-3.9

lxd-4.*

lxd-4.0.0

lxd-4.1

lxd-4.10

lxd-4.11

lxd-4.12

lxd-4.13

lxd-4.14

lxd-4.15

lxd-4.16

lxd-4.17

lxd-4.18

lxd-4.19

lxd-4.2

lxd-4.20

lxd-4.21

lxd-4.22

lxd-4.23

lxd-4.24

lxd-4.3

lxd-4.4

lxd-4.5

lxd-4.6

lxd-4.7

lxd-4.8

lxd-4.9

lxd-5.*

lxd-5.0.0