CVE-2023-48733
Publication date 14 February 2024
Last updated 24 July 2024
Ubuntu priority
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| edk2 | 24.04 LTS noble |
Fixed 2023.11-7
|
| 22.04 LTS jammy |
Fixed 2022.02-3ubuntu0.22.04.2
|
|
| 20.04 LTS focal |
Fixed 0~20191122.bd85bf54-2ubuntu3.5
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty | Ignored |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
6.7 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | High |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6638-1
- EDK II vulnerabilities
- 15 February 2024