CVE-2023-48733

🗓️ 14 Feb 2024 21:54:08Reported by canonicalType

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot

Reporter	Title	Published	Views	Family All 50
AlpineLinux	CVE-2023-48733	14 Feb 202421:54	–	alpinelinux
AlpineLinux	CVE-2025-2486	26 Nov 202517:33	–	alpinelinux
AstraLinux	Astra Linux – Vulnerability in edk2	19 Jun 202611:10	–	astralinux
BDU FSTEC	The vulnerability of open-source development environments for UEFI EDK2, related to configuration errors, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.	13 Sep 202400:00	–	bdu_fstec
Circl	CVE-2023-48733	14 Feb 202423:26	–	circl
CNNVD	EDK2 Security Vulnerability	14 Feb 202400:00	–	cnnvd
CNNVD	EDK2 Security Vulnerability	14 Feb 202400:00	–	cnnvd
Cvelist	CVE-2023-48733	14 Feb 202421:54	–	cvelist
Debian	[SECURITY] [DLA 3852-1] edk2 security update	30 Jun 202422:07	–	debian
Debian	[SECURITY] [DSA 5624-1] edk2 security update	14 Feb 202420:00	–	debian

NVD

Node

canonical lxdMatch5.0candidate

canonical lxdMatch5.21candidate

canonical lxdMatch5.21edge

tianocore edk2Range≤2023.11-8-

Node

debian debian_linuxMatch10.0

[
  {
    "packageName": "edk2",
    "product": "Ubuntu EDK II",
    "vendor": "Canonical Ltd.",
    "platforms": [
      "Linux"
    ],
    "versions": [
      {
        "lessThan": "2023.05-2ubuntu0.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
openwall	www.openwall.com/lists/oss-security/2024/02/14/4
lists	www.lists.debian.org/debian-lts-announce/2024/06/msg00028.html
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-48733
bugs	www.bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139
bugs	www.bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137

17 Jun 2026 06:34Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.16.7

EPSS0.00256

SSVC

CWE-1188