{"id":"CVE-2023-48733","details":"An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.","modified":"2026-04-11T12:46:21.517661Z","published":"2024-02-14T22:15:47.320Z","related":["openSUSE-SU-2024:13807-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"2023.11-8"}],"cpe":"cpe:2.3:a:tianocore:edk2:*:-:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"10.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"}]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48733"},{"type":"REPORT","url":"https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137"},{"type":"REPORT","url":"https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html"},{"type":"ARTICLE","url":"https://www.openwall.com/lists/oss-security/2024/02/14/4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/canonical/lxd","events":[{"introduced":"0"},{"last_affected":"1e1349e3cbf30c1b2ce74e531d4dd0fd52c45be1"},{"last_affected":"761d134ceabd306f57acfb0ca51f59b03751a5b0"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"5.0-candidate"},{"last_affected":"5.21-candidate"},{"last_affected":"5.21-edge"}],"cpe":["cpe:2.3:a:canonical:lxd:5.0:candidate:*:*:*:*:*:*","cpe:2.3:a:canonical:lxd:5.21:candidate:*:*:*:*:*:*","cpe:2.3:a:canonical:lxd:5.21:edge:*:*:*:*:*:*"]}}],"versions":["lxd-0.1","lxd-0.10","lxd-0.11","lxd-0.12","lxd-0.13","lxd-0.14","lxd-0.15","lxd-0.16","lxd-0.17","lxd-0.18","lxd-0.19","lxd-0.2","lxd-0.20","lxd-0.21","lxd-0.22","lxd-0.23","lxd-0.24","lxd-0.25","lxd-0.26","lxd-0.27","lxd-0.3","lxd-0.4","lxd-0.5","lxd-0.6","lxd-0.7","lxd-0.8","lxd-0.8.1","lxd-0.9","lxd-2.0.0","lxd-2.0.0.beta1","lxd-2.0.0.beta2","lxd-2.0.0.beta3","lxd-2.0.0.beta4","lxd-2.0.0.rc1","lxd-2.0.0.rc2","lxd-2.0.0.rc3","lxd-2.0.0.rc4","lxd-2.0.0.rc5","lxd-2.0.0.rc6","lxd-2.0.0.rc7","lxd-2.0.0.rc8","lxd-2.0.0.rc9","lxd-2.1","lxd-2.10","lxd-2.10.1","lxd-2.11","lxd-2.12","lxd-2.13","lxd-2.14","lxd-2.15","lxd-2.16","lxd-2.17","lxd-2.18","lxd-2.19","lxd-2.2","lxd-2.20","lxd-2.21","lxd-2.3","lxd-2.4","lxd-2.4.1","lxd-2.5","lxd-2.6","lxd-2.6.1","lxd-2.6.2","lxd-2.7","lxd-2.8","lxd-2.9","lxd-2.9.1","lxd-2.9.2","lxd-2.9.3","lxd-3.0.0","lxd-3.0.0.beta1","lxd-3.0.0.beta2","lxd-3.0.0.beta3","lxd-3.0.0.beta4","lxd-3.0.0.beta5","lxd-3.0.0.beta6","lxd-3.0.0.beta7","lxd-3.1","lxd-3.10","lxd-3.11","lxd-3.12","lxd-3.13","lxd-3.14","lxd-3.15","lxd-3.16","lxd-3.17","lxd-3.18","lxd-3.19","lxd-3.2","lxd-3.20","lxd-3.21","lxd-3.22","lxd-3.23","lxd-3.3","lxd-3.4","lxd-3.5","lxd-3.6","lxd-3.7","lxd-3.8","lxd-3.9","lxd-4.0.0","lxd-4.1","lxd-4.10","lxd-4.11","lxd-4.12","lxd-4.13","lxd-4.14","lxd-4.15","lxd-4.16","lxd-4.17","lxd-4.18","lxd-4.19","lxd-4.2","lxd-4.20","lxd-4.21","lxd-4.22","lxd-4.23","lxd-4.24","lxd-4.3","lxd-4.4","lxd-4.5","lxd-4.6","lxd-4.7","lxd-4.8","lxd-4.9","lxd-5.0.0","lxd-5.1","lxd-5.10","lxd-5.11","lxd-5.12","lxd-5.13","lxd-5.14","lxd-5.15","lxd-5.16","lxd-5.17","lxd-5.2","lxd-5.21.0","lxd-5.3","lxd-5.4","lxd-5.5","lxd-5.6","lxd-5.7","lxd-5.8","lxd-5.9","v5.21.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-48733.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}