CVE 2023-49721
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.
Related bugs and status
CVE-2023-49721 (Candidate) is related to these bugs:
Bug #2040137: exposing the EFI shell in Secure Boot mode can lead to security bypass
Bug #2040139: exposing the EFI shell in Secure Boot mode can lead to security bypass
Bug | Summary | In | Importance | Status
---|---|---|---|---
2040139 | exposing the EFI shell in Secure Boot mode can lead to security bypass | lxd (Ubuntu) | Undecided | New
See the CVE page on Mitre.org for more details.