CVE-2023-49721
Published 2024-02-14
Medium, 6.7 (CVSS 3.1)
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | lxd | >= 5.0.0 < 5.21.0 | 5.21.0 |
| canonical_ltd | lxd | — | — |
| debian | incus | — | — |
| debian | lxd | — | — |
| tianocore | edk2 | <= 2023.11-8 | — |