Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-48733

6.7 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

An insecure default to allow UEFI Shell in EDK2 was …

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

References

https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 issue-tracking
https://nvd.nist.gov/vuln/detail/CVE-2023-48733 issue-tracking
https://www.openwall.com/lists/oss-security/2024/02/14/4 mailing-list
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 issue-tracking
https://www.openwall.com/lists/oss-security/2024/02/14/4 mailing-list
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 issue-tracking
https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 issue-tracking
https://nvd.nist.gov/vuln/detail/CVE-2023-48733 issue-tracking
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 issue-tracking
https://nvd.nist.gov/vuln/detail/CVE-2023-48733 issue-tracking
https://www.openwall.com/lists/oss-security/2024/02/14/4 mailing-list
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 issue-tracking
https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 issue-tracking x_transferred
https://nvd.nist.gov/vuln/detail/CVE-2023-48733 issue-tracking x_transferred
https://www.openwall.com/lists/oss-security/2024/02/14/4 mailing-list x_transferred
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 issue-tracking x_transferred
https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html x_transferred
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 issue-tracking
https://nvd.nist.gov/vuln/detail/CVE-2023-48733 issue-tracking
https://www.openwall.com/lists/oss-security/2024/02/14/4 mailing-list
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 issue-tracking
https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 issue-tracking x_transferred
https://nvd.nist.gov/vuln/detail/CVE-2023-48733 issue-tracking x_transferred
https://www.openwall.com/lists/oss-security/2024/02/14/4 mailing-list x_transferred
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 issue-tracking x_transferred
https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html x_transferred
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 issue-tracking
https://nvd.nist.gov/vuln/detail/CVE-2023-48733 issue-tracking
https://www.openwall.com/lists/oss-security/2024/02/14/4 mailing-list
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 issue-tracking
https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html
https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 issue-tracking x_transferred
https://nvd.nist.gov/vuln/detail/CVE-2023-48733 issue-tracking x_transferred
https://www.openwall.com/lists/oss-security/2024/02/14/4 mailing-list x_transferred
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 issue-tracking x_transferred
https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html x_transferred

Affected products

edk2

<2023.05-2ubuntu0.1

Matching in nixpkgs

pkgs.edk2

Intel EFI development kit

nixos-unstable -
- nixpkgs-unstable 202505

pkgs.edk2-uefi-shell

UEFI Shell from Tianocore EFI development kit

nixos-unstable -
- nixpkgs-unstable 202505

pkgs.python312Packages.edk2-pytool-library

Python library package that supports UEFI development

nixos-unstable -
- nixpkgs-unstable edk2-pytool-library-0.23.8

pkgs.python313Packages.edk2-pytool-library