CVE-2023-49721
Publication date 14 February 2024
Last updated 26 August 2025
Ubuntu priority
Description
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| lxd | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Ignored end of standard support |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
6.7 · Medium
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H