CVE-2023-49721

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-49721

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49721.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-49721

Published

2024-02-14T22:15:47.530Z

Modified

2026-04-10T05:05:54.004247Z

Severity

6.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.

References

Affected packages

Git / github.com/canonical/lxd

Affected ranges

Type

GIT

Repo

https://github.com/canonical/lxd

Events

Introduced

1e1349e3cbf30c1b2ce74e531d4dd0fd52c45be1

Fixed

761d134ceabd306f57acfb0ca51f59b03751a5b0

Database specific

{
    "versions": [
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.21.0"
        }
    ]
}

Affected versions

lxd-5.*

lxd-5.0.0

lxd-5.1

lxd-5.10

lxd-5.11

lxd-5.12

lxd-5.13

lxd-5.14

lxd-5.15

lxd-5.16

lxd-5.17

lxd-5.2

lxd-5.3

lxd-5.4

lxd-5.5

lxd-5.6

lxd-5.7

lxd-5.8

lxd-5.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49721.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2023.11-8"
            }
        ]
    }
]