Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged

Filter by:

With package: python311Packages.edk2-pytool-library

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2023-48733

6.7 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 year, 2 months ago

An insecure default to allow UEFI Shell in EDK2 was …

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

References

https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 issue-trackingx_transferred
https://nvd.nist.gov/vuln/detail/CVE-2023-48733 issue-trackingx_transferred
https://www.openwall.com/lists/oss-security/2024/02/14/4 mailing-listx_transferred
https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 issue-trackingx_transferred
https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html x_transferred

Affected products

edk2

<2023.05-2ubuntu0.1

Matching in nixpkgs

pkgs.edk2

Intel EFI development kit

nixos-unstable 202411
- nixpkgs-unstable 202411
- nixos-unstable-small 202411

pkgs.edk2-uefi-shell

UEFI Shell from Tianocore EFI development kit

nixos-unstable 202411
- nixpkgs-unstable 202411
- nixos-unstable-small 202411

pkgs.python311Packages.edk2-pytool-library

Python library package that supports UEFI development

nixos-unstable edk2-pytool-library-0.22.3
- nixpkgs-unstable edk2-pytool-library-0.22.3
- nixos-unstable-small edk2-pytool-library-0.22.3

pkgs.python312Packages.edk2-pytool-library

Python library package that supports UEFI development

nixos-unstable edk2-pytool-library-0.22.3
- nixpkgs-unstable edk2-pytool-library-0.22.3
- nixos-unstable-small edk2-pytool-library-0.22.3

Package maintainers

@mjoerg Martin Joerg <martin.joerg@gmail.com>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@NickCao Nick Cao <nickcao@nichi.co>

1