Vulnerabilites related to canonical - lxd
CVE-2016-1582 (GCVE-0-2016-1582)
Vulnerability from cvelistv5
Published
2016-06-09 16:00
Modified
2024-08-05 23:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://linuxcontainers.org/lxd/news/ | x_refsource_CONFIRM | |
| http://www.ubuntu.com/usn/USN-2988-1 | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://linuxcontainers.org/lxd/news/"
},
{
"name": "USN-2988-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2988-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-09T14:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://linuxcontainers.org/lxd/news/"
},
{
"name": "USN-2988-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2988-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2016-1582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://linuxcontainers.org/lxd/news/",
"refsource": "CONFIRM",
"url": "https://linuxcontainers.org/lxd/news/"
},
{
"name": "USN-2988-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2988-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2016-1582",
"datePublished": "2016-06-09T16:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:11.950Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1581 (GCVE-0-2016-1581)
Vulnerability from cvelistv5
Published
2016-06-09 16:00
Modified
2024-08-05 23:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| https://linuxcontainers.org/lxd/news/ | x_refsource_CONFIRM | |
| http://www.ubuntu.com/usn/USN-2988-1 | vendor-advisory, x_refsource_UBUNTU |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:02:11.679Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://linuxcontainers.org/lxd/news/"
},
{
"name": "USN-2988-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2988-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-09T14:57:01",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://linuxcontainers.org/lxd/news/"
},
{
"name": "USN-2988-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2988-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2016-1581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://linuxcontainers.org/lxd/news/",
"refsource": "CONFIRM",
"url": "https://linuxcontainers.org/lxd/news/"
},
{
"name": "USN-2988-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2988-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2016-1581",
"datePublished": "2016-06-09T16:00:00",
"dateReserved": "2016-01-12T00:00:00",
"dateUpdated": "2024-08-05T23:02:11.679Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-48733 (GCVE-0-2023-48733)
Vulnerability from cvelistv5
Published
2024-02-14 21:54
Modified
2025-05-08 15:18
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | Ubuntu EDK II |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T21:37:54.670Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48733"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/02/14/4"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-48733",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-15T16:17:59.516818Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-08T15:18:23.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "edk2",
"platforms": [
"Linux"
],
"product": "Ubuntu EDK II",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "2023.05-2ubuntu0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mate Kukri"
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu\u0027s EDK2. This allows an OS-resident attacker to bypass Secure Boot."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-06-30T23:06:04.090Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137"
},
{
"tags": [
"issue-tracking"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48733"
},
{
"tags": [
"mailing-list"
],
"url": "https://www.openwall.com/lists/oss-security/2024/02/14/4"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-48733",
"datePublished": "2024-02-14T21:54:08.333Z",
"dateReserved": "2023-12-05T19:36:34.710Z",
"dateUpdated": "2025-05-08T15:18:23.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6219 (GCVE-0-2024-6219)
Vulnerability from cvelistv5
Published
2024-12-05 23:13
Modified
2025-08-28 13:29
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/canonical/lxd/security/advisories/GHSA-jpmc-7p9c-4rxf | issue-tracking | |
| https://www.cve.org/CVERecord?id=CVE-2024-6219 | issue-tracking |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | LXD |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6219",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T16:39:00.858631Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T13:29:18.834Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "lxd",
"platforms": [
"Linux"
],
"product": "LXD",
"repo": "https://github.com/canonical/lxd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "5.21.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mark Laing discovered in LXD\u0027s PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T23:13:19.635Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/lxd/security/advisories/GHSA-jpmc-7p9c-4rxf"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6219"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-6219",
"datePublished": "2024-12-05T23:13:19.635Z",
"dateReserved": "2024-06-20T17:41:42.692Z",
"dateUpdated": "2025-08-28T13:29:18.834Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-49721 (GCVE-0-2023-49721)
Vulnerability from cvelistv5
Published
2024-02-14 21:57
Modified
2024-10-24 16:44
Severity ?
VLAI Severity ?
EPSS score ?
Summary
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139 | issue-tracking | |
| https://nvd.nist.gov/vuln/detail/CVE-2023-48733 | issue-tracking | |
| https://www.openwall.com/lists/oss-security/2024/02/14/4 | mailing-list | |
| https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137 | issue-tracking |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | LXD |
Version: 0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:01:25.700Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48733"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2024/02/14/4"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lxd",
"vendor": "canonical",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-49721",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-02-15T16:55:58.653539Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T16:44:29.650Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"packageName": "lxd",
"platforms": [
"Linux"
],
"product": "LXD",
"vendor": "Canonical Ltd.",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mate Kukri"
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-02-14T21:57:40.878Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139"
},
{
"tags": [
"issue-tracking"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48733"
},
{
"tags": [
"mailing-list"
],
"url": "https://www.openwall.com/lists/oss-security/2024/02/14/4"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2023-49721",
"datePublished": "2024-02-14T21:57:40.878Z",
"dateReserved": "2023-12-05T19:36:34.701Z",
"dateUpdated": "2024-10-24T16:44:29.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6156 (GCVE-0-2024-6156)
Vulnerability from cvelistv5
Published
2024-12-05 23:11
Modified
2025-03-18 15:58
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v | issue-tracking | |
| https://www.cve.org/CVERecord?id=CVE-2024-6156 | issue-tracking |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Canonical Ltd. | LXD |
Version: 4.0 ≤ Version: 4.0 ≤ Version: 4.0 ≤ Version: 4.0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "lxd",
"vendor": "canonical",
"versions": [
{
"lessThan": "5.21.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6156",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-06T16:39:16.738252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295 Improper Certificate Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T15:58:10.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "lxd",
"platforms": [
"Linux"
],
"product": "LXD",
"repo": "https://github.com/canonical/lxd",
"vendor": "Canonical Ltd.",
"versions": [
{
"lessThan": "4.0.10",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "5.0.4",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "5.21.2",
"status": "affected",
"version": "4.0",
"versionType": "semver"
},
{
"lessThan": "6.1",
"status": "affected",
"version": "4.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mark Laing discovered that LXD\u0027s PKI mode, until version 5.21.2, could be bypassed if the client\u0027s certificate was present in the trust store."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T18:07:48.004Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v"
},
{
"tags": [
"issue-tracking"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6156"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2024-6156",
"datePublished": "2024-12-05T23:11:04.815Z",
"dateReserved": "2024-06-18T22:34:39.949Z",
"dateUpdated": "2025-03-18T15:58:10.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2024-12-06 00:15
Modified
2025-08-26 17:22
Severity ?
Summary
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v | Exploit, Vendor Advisory | |
| security@ubuntu.com | https://www.cve.org/CVERecord?id=CVE-2024-6156 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "39F8A2B1-F73D-4ADB-8E4D-E9D42D2ABB7B",
"versionEndExcluding": "4.0.10",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E48F1136-C506-457C-B541-6290724B2070",
"versionEndExcluding": "5.0.4",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF3D3966-CFB4-46B6-8BDA-BE54667A9482",
"versionEndExcluding": "5.21.2",
"versionStartIncluding": "5.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mark Laing discovered that LXD\u0027s PKI mode, until version 5.21.2, could be bypassed if the client\u0027s certificate was present in the trust store."
},
{
"lang": "es",
"value": "Mark Laing descubri\u00f3 que el modo PKI de LXD, hasta la versi\u00f3n 5.21.2, pod\u00eda eludirse si el certificado del cliente estaba presente en el almac\u00e9n de confianza."
}
],
"id": "CVE-2024-6156",
"lastModified": "2025-08-26T17:22:01.483",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4,
"source": "security@ubuntu.com",
"type": "Secondary"
}
]
},
"published": "2024-12-06T00:15:04.380",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/canonical/lxd/security/advisories/GHSA-4c49-9fpc-hc3v"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6156"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-09 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 15.10 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | lxd | 2.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:lxd:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABBB3193-F7A8-44EE-8416-0B7165DE6635",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors."
},
{
"lang": "es",
"value": "LXD en versiones anteriores a 2.0.2 no establece adecuadamente los permisos cuando se cambia un recipiente sin privelegios a modo privilegiado, lo que permite a usuarios locales acceder a la lectura de todas las rutas arbitrarios en el directorio del contenedor a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-1582",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-09T16:59:03.063",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-2988-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://linuxcontainers.org/lxd/news/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2988-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://linuxcontainers.org/lxd/news/"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-06-09 16:59
Modified
2025-04-12 10:46
Severity ?
Summary
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| canonical | ubuntu_linux | 15.10 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | lxd | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCA444F-9BF0-42A1-9175-4173A169C01B",
"versionEndIncluding": "2.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecified vectors."
},
{
"lang": "es",
"value": "LXD en versiones anteriores a 2.0.2 usa permisos world-readable para /var/lib/lxd/zfs.img al configurar una agrupaci\u00f3n ZFS en bucle, lo que permite a usuarios locales copiar y leer informaci\u00f3n de contenedores arbitrarios a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2016-1581",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-06-09T16:59:01.860",
"references": [
{
"source": "security@ubuntu.com",
"url": "http://www.ubuntu.com/usn/USN-2988-1"
},
{
"source": "security@ubuntu.com",
"tags": [
"Vendor Advisory"
],
"url": "https://linuxcontainers.org/lxd/news/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2988-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://linuxcontainers.org/lxd/news/"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 22:15
Modified
2025-08-26 17:19
Severity ?
Summary
An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDFE8E4-47BD-40FE-93BB-FC5106157DDF",
"versionEndExcluding": "5.21.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tianocore:edk2:*:-:*:*:*:*:*:*",
"matchCriteriaId": "6CE995B2-F287-4E18-B840-6EC5171BBBA5",
"versionEndIncluding": "2023.11-8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot."
},
{
"lang": "es",
"value": "Un valor predeterminado inseguro para permitir UEFI Shell en EDK2 se dej\u00f3 habilitado en LXD. Esto permite que un atacante residente en el sistema operativo omita el arranque seguro."
}
],
"id": "CVE-2023-49721",
"lastModified": "2025-08-26T17:19:29.193",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "security@ubuntu.com",
"type": "Secondary"
}
]
},
"published": "2024-02-14T22:15:47.530",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137"
},
{
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48733"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/02/14/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/02/14/4"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-276"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-12-06 00:15
Modified
2025-08-28 14:15
Severity ?
Summary
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@ubuntu.com | https://github.com/canonical/lxd/security/advisories/GHSA-jpmc-7p9c-4rxf | Exploit, Vendor Advisory | |
| security@ubuntu.com | https://www.cve.org/CVERecord?id=CVE-2024-6219 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:lxd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B34F54D-BABC-44EF-A8A8-5DE6DFF21B7F",
"versionEndExcluding": "5.21.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mark Laing discovered in LXD\u0027s PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured."
},
{
"lang": "es",
"value": "Mark Laing descubri\u00f3 en el modo PKI de LXD, hasta la versi\u00f3n 5.21.1, que se pod\u00eda agregar un certificado restringido al almac\u00e9n de confianza sin respetar sus restricciones."
}
],
"id": "CVE-2024-6219",
"lastModified": "2025-08-28T14:15:44.067",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4,
"source": "security@ubuntu.com",
"type": "Secondary"
}
]
},
"published": "2024-12-06T00:15:04.530",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://github.com/canonical/lxd/security/advisories/GHSA-jpmc-7p9c-4rxf"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2024-6219"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-02-14 22:15
Modified
2025-08-26 17:19
Severity ?
Summary
An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:canonical:lxd:5.0:candidate:*:*:*:*:*:*",
"matchCriteriaId": "3B09DDCF-2D2C-4670-BEDF-5C3574AE0595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:lxd:5.21:candidate:*:*:*:*:*:*",
"matchCriteriaId": "0707C567-7592-4564-86C3-427B4883E491",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:canonical:lxd:5.21:edge:*:*:*:*:*:*",
"matchCriteriaId": "9E7C13D8-BD34-44CA-B66A-328FD0A99919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:tianocore:edk2:*:-:*:*:*:*:*:*",
"matchCriteriaId": "6CE995B2-F287-4E18-B840-6EC5171BBBA5",
"versionEndIncluding": "2023.11-8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu\u0027s EDK2. This allows an OS-resident attacker to bypass Secure Boot."
},
{
"lang": "es",
"value": "Un valor predeterminado inseguro para permitir UEFI Shell en EDK2 se dej\u00f3 habilitado en EDK2 de Ubuntu. Esto permite que un atacante residente en el sistema operativo omita el arranque seguro."
}
],
"id": "CVE-2023-48733",
"lastModified": "2025-08-26T17:19:40.457",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "security@ubuntu.com",
"type": "Secondary"
}
]
},
"published": "2024-02-14T22:15:47.320",
"references": [
{
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137"
},
{
"source": "security@ubuntu.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html"
},
{
"source": "security@ubuntu.com",
"tags": [
"Third Party Advisory"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48733"
},
{
"source": "security@ubuntu.com",
"tags": [
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/02/14/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/2040137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/2040139"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48733"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://www.openwall.com/lists/oss-security/2024/02/14/4"
}
],
"sourceIdentifier": "security@ubuntu.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1188"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}