Fluid Attacks Database

Description

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	edk2	=2020.11-2 \|\| =2020.11-2+deb11u1 \|\| >=0 <2020.11-2+deb11u2	2020.11-2+deb11u2
debian 12	edk2	=2022.11-6 \|\| >=0 <2022.11-6+deb12u1	2022.11-6+deb12u1
debian 13	edk2	>=0 <2023.11-7	2023.11-7
debian 14	edk2	>=0 <2023.11-7	2023.11-7

Aliases

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.