An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot. ========Wind River Notice======== Based on discussion - https://www.openwall.com/lists/oss-security/2024/02/14/4 The TianoCore project does not consider this a vulnerability in edk2 as the configuration option to disable the UEFI Shell is available, and deciding this policy is up to downstream vendors and distributors. The CVE-2023-48733 is reported by Ubuntu, and upstream edk2 does not consider this a vulnerability
