CVE-2022-49357

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-49357

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49357.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-49357

Related

UBUNTU-CVE-2022-49357

Published

2025-02-26T07:01:12Z

Modified

2025-02-26T19:03:03.084535Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

efi: Do not import certificates from UEFI Secure Boot for T2 Macs

On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables at early boot to load UEFI Secure Boot certificates, a page fault occurs in Apple firmware code and EFI runtime services are disabled with the following logs:

WARNING: CPU: 3 PID: 104 at arch/x86/platform/efi/quirks.c:735 eficrashgracefullyonpagefault+0x50/0xf0 (Removed some logs from here) Call Trace: <TASK> pagefaultoops+0x4f/0x2c0 ? searchbpfextables+0x6b/0x80 ? searchmoduleextables+0x50/0x80 ? searchexceptiontables+0x5b/0x60 kernelmodefixuporoops+0x9e/0x110 _badareanosemaphore+0x155/0x190 badareanosemaphore+0x16/0x20 dokernaddrfault+0x8c/0xa0 excpagefault+0xd8/0x180 asmexcpagefault+0x1e/0x30 (Removed some logs from here) ? _eficall+0x28/0x30 ? switchmm+0x20/0x30 ? eficallrts+0x19a/0x8e0 ? processonework+0x222/0x3f0 ? workerthread+0x4a/0x3d0 ? kthread+0x17a/0x1a0 ? processonework+0x3f0/0x3f0 ? setkthreadstruct+0x40/0x40 ? retfromfork+0x22/0x30 </TASK> ---[ end trace 1f82023595a5927f ]--- efi: Froze efirts_wq and disabled EFI Runtime Services integrity: Couldn't get size: 0x8000000000000015 integrity: MODSIGN: Couldn't get UEFI db list efi: EFI Runtime Services are disabled! integrity: Couldn't get size: 0x8000000000000015 integrity: Couldn't get UEFI dbx list integrity: Couldn't get size: 0x8000000000000015 integrity: Couldn't get mokx list integrity: Couldn't get size: 0x80000000

So we avoid reading these UEFI variables and thus prevent the crash.

References

Affected packages

Debian:11 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.10.127-1

Affected versions

5.*

5.10.46-4

5.10.46-5

5.10.70-1~bpo10+1

5.10.70-1

5.10.84-1

5.10.92-1~bpo10+1

5.10.92-1

5.10.92-2

5.10.103-1~bpo10+1

5.10.103-1

5.10.106-1

5.10.113-1

5.10.120-1~bpo10+1

5.10.120-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.18.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / linux

Package

Name: linux
Purl: pkg:deb/debian/linux?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.18.5-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}