Ubuntu edk2 UEFI Firmware Secure Boot Bypass Vulnerability

Vulnerability

A vulnerability in the Ubuntu edk2 UEFI firmware packages allows access to the UEFI Shell in Secure Boot environments, potentially bypassing Secure Boot restrictions. This issue affects the AAVMF Secure Boot images in Ubuntu Noble and Oracular, which still allow launching the Shell with Secure Boot enabled. In response to a related vulnerability, CVE-2023-48733, the UEFI Shell was disabled in Secure Boot OVMF images, but this fix was not properly applied to AAVMF.

Impact

Exposing the UEFI Shell in Secure Boot mode can lead to a security bypass, allowing actions that would normally be restricted under Secure Boot.

Remediation

Users can upgrade to edk2 version 2024.05-2ubuntu0.3 or 2024.02-2ubuntu0.3, both of which disable the UEFI Shell in Secure Boot environments.
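The following is an added example, not part of the advisory or of the edk2 packaging: a check that compares an installed package version string (as reported by dpkg for the firmware package) against the two fixed versions above, using Debian version ordering. The function names and the result labels are assumptions made for illustration.

```python
import re

# Fixed versions named in the advisory, keyed by upstream release.
FIXED = {"2024.02": "2024.02-2ubuntu0.3", "2024.05": "2024.05-2ubuntu0.3"}

def _order(c):
    # dpkg ordering: '~' sorts before everything, letters before other symbols
    if c == "~":
        return -1
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_str(a, b):
    # Alternate between non-digit runs (character order) and digit runs (numeric)
    while a or b:
        na, a = re.match(r"(\D*)(.*)", a, re.S).groups()
        nb, b = re.match(r"(\D*)(.*)", b, re.S).groups()
        for k in range(max(len(na), len(nb))):
            oa = _order(na[k]) if k < len(na) else 0
            ob = _order(nb[k]) if k < len(nb) else 0
            if oa != ob:
                return -1 if oa < ob else 1
        da, a = re.match(r"(\d*)(.*)", a, re.S).groups()
        db, b = re.match(r"(\d*)(.*)", b, re.S).groups()
        ia, ib = int(da or 0), int(db or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; the revision follows the last hyphen
    epoch, sep, rest = version.partition(":")
    if not sep:
        epoch, rest = "0", version
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def deb_cmp(v1, v2):
    e1, u1, r1 = _split(v1)
    e2, u2, r2 = _split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_str(u1, u2) or _cmp_str(r1, r2)

def check(installed):
    # "not-covered": the advisory names no fixed version for this upstream release
    fixed = FIXED.get(_split(installed)[1])
    if fixed is None:
        return "not-covered"
    return "fixed" if deb_cmp(installed, fixed) >= 0 else "needs-upgrade"
```
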

Added: Nov 26, 2025, 6:23 PM
Updated: Nov 26, 2025, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 1.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.