Untriaged
CVE-2023-49721
6.7 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): HIGH
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): HIGH
- Availability impact (A): HIGH
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.
References
- https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 issue-tracking
- https://nvd.nist.gov/vuln/detail/CVE-2023-48733 issue-tracking
- https://www.openwall.com/lists/oss-security/2024/02/14/4 mailing-list
- https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 issue-tracking
Affected products
lxd
- ==0
- *
Matching in nixpkgs
pkgs.lxd-image-server
Creates and manages a simplestreams lxd image server on top of nginx
- nixos-unstable -
- nixpkgs-unstable 0.0.4
pkgs.python312Packages.pylxd
Library for interacting with the LXD REST API
- nixos-unstable -
- nixpkgs-unstable 2.3.2
pkgs.python313Packages.pylxd
Library for interacting with the LXD REST API
- nixos-unstable -
- nixpkgs-unstable 2.3.2
pkgs.terraform-providers.lxd
None
- nixos-unstable -
- nixpkgs-unstable 2.5.0
Package maintainers
- @mkg20001 Maciej Krüger <mkg20001+nix@gmail.com>