CVE-2025-2486
Publication date 28 April 2025
Last updated 28 April 2025
Ubuntu priority
built-in shell still present in AAVMF secboot image
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| edk2 | 25.04 plucky |
Vulnerable
|
| 24.10 oracular |
Vulnerable
|
|
| 24.04 LTS noble |
Vulnerable
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
Notes
mdeslaur
incomplete fix for CVE-2023-48733 In response to CVE-2023-48733, a different patch was backported to Jammy and Focal, that merely disables the Shell, but does not remove it, which did apply to AAVMF as well, hence only Noble, Oracular, and Plucky are vulnerable.