CVE-2023-49721
MEDIUM
LXD 5.0.0-5.20.9 - Insecure Default UEFI Shell Permissions
Description
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.
References (4)
Issue Tracking issue-tracking
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139
Third Party Advisory issue-tracking
https://nvd.nist.gov/vuln/detail/CVE-2023-48733
Mailing List mailing-list
https://www.openwall.com/lists/oss-security/2024/02/14/4
Issue Tracking issue-tracking
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137
Scores
CVSS v3: 6.7
EPSS: 0.0002
EPSS Percentile: 4.0%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-276
Status: published
Products (2)
canonical/lxd: 5.0.0 - 5.21.0
tianocore/edk2: < 2023.11-8
Published: Feb 14, 2024
Tracked Since: Feb 18, 2026