{"id":"CVE-2023-49721","details":"An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.","modified":"2026-04-10T05:05:54.004247Z","published":"2024-02-14T22:15:47.530Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48733"},{"type":"REPORT","url":"https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139"},{"type":"REPORT","url":"https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137"},{"type":"ARTICLE","url":"https://www.openwall.com/lists/oss-security/2024/02/14/4"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/canonical/lxd","events":[{"introduced":"1e1349e3cbf30c1b2ce74e531d4dd0fd52c45be1"},{"fixed":"761d134ceabd306f57acfb0ca51f59b03751a5b0"}],"database_specific":{"versions":[{"introduced":"5.0.0"},{"fixed":"5.21.0"}]}}],"versions":["lxd-5.0.0","lxd-5.1","lxd-5.10","lxd-5.11","lxd-5.12","lxd-5.13","lxd-5.14","lxd-5.15","lxd-5.16","lxd-5.17","lxd-5.2","lxd-5.3","lxd-5.4","lxd-5.5","lxd-5.6","lxd-5.7","lxd-5.8","lxd-5.9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2023.11-8"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49721.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}