Description
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.
References (5)
Scores
CVSS v3: 6.7
EPSS: 0.0001
EPSS Percentile: 1.9%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-1188
Status: published
Products (4)
canonical/lxd: 5.0 candidate
canonical/lxd: 5.21 candidate (2 CPE variants)
debian/debian_linux: 10.0
tianocore/edk2: < 2023.11-8
Published: Feb 14, 2024
Tracked Since: Feb 18, 2026