CVE-2023-48733

Description

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

Affected packages (3)

• Debian/edk2from 0, < 2020.11-2+deb11u2
• Debian/edk2from 0, < 0~20181115.85588389-3+deb10u4
• Debian/edk2from 0, < 2020.11-2+deb11u2

CVSS scores

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-48733