An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "qemu-efi-aarch64": "0~20191122.bd85bf54-2ubuntu3.5", "ovmf": "0~20191122.bd85bf54-2ubuntu3.5", "qemu-efi": "0~20191122.bd85bf54-2ubuntu3.5", "qemu-efi-arm": "0~20191122.bd85bf54-2ubuntu3.5" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "ovmf-ia32": "2022.02-3ubuntu0.22.04.2", "qemu-efi-aarch64": "2022.02-3ubuntu0.22.04.2", "ovmf": "2022.02-3ubuntu0.22.04.2", "qemu-efi": "2022.02-3ubuntu0.22.04.2", "qemu-efi-arm": "2022.02-3ubuntu0.22.04.2" } ] }