CVE-2023-49721: Medium severity Canonical LXD vulnerability
Published Feb 14, 2024
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.
Affected Software
2 affected components
Canonical LXD: >=5.0.0, <5.21.0
Tianocore edk2: <=2023.11-8
Event History
Feb 14, 2024
CVE Published via MITRE · 09:57 PM
Data Sourced via MITRE · 09:57 PM: Description, Severity
Data Sourced via NVD · 10:15 PM: Description, Severity, Weakness, Affected Software
Frequently Asked Questions
1. What is the severity of CVE-2023-49721?
CVE-2023-49721 has been classified as a high severity vulnerability due to its potential to allow bypassing of Secure Boot.
2. How do I fix CVE-2023-49721?
To remediate CVE-2023-49721, ensure that the UEFI Shell is disabled in the LXD configuration.
3. Which versions of LXD are affected by CVE-2023-49721?
CVE-2023-49721 affects LXD versions from 5.0.0 up to, but not including, 5.21.0.
4. Which versions of Tianocore edk2 are impacted by CVE-2023-49721?
CVE-2023-49721 impacts Tianocore edk2 versions up to and including 2023.11-8.
5. What is the potential impact of CVE-2023-49721?
The potential impact of CVE-2023-49721 includes allowing OS-resident attackers to bypass Secure Boot protections.