{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-49357", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-02-26T02:08:31.546Z", "datePublished": "2025-02-26T02:11:06.931Z", "dateUpdated": "2025-05-04T08:35:58.200Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2025-05-04T08:35:58.200Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: Do not import certificates from UEFI Secure Boot for T2 Macs\n\nOn Apple T2 Macs, when Linux attempts to read the db and dbx efi variables\nat early boot to load UEFI Secure Boot certificates, a page fault occurs\nin Apple firmware code and EFI runtime services are disabled with the\nfollowing logs:\n\n[Firmware Bug]: Page fault caused by firmware at PA: 0xffffb1edc0068000\nWARNING: CPU: 3 PID: 104 at arch/x86/platform/efi/quirks.c:735 efi_crash_gracefully_on_page_fault+0x50/0xf0\n(Removed some logs from here)\nCall Trace:\n <TASK>\n page_fault_oops+0x4f/0x2c0\n ? search_bpf_extables+0x6b/0x80\n ? search_module_extables+0x50/0x80\n ? search_exception_tables+0x5b/0x60\n kernelmode_fixup_or_oops+0x9e/0x110\n __bad_area_nosemaphore+0x155/0x190\n bad_area_nosemaphore+0x16/0x20\n do_kern_addr_fault+0x8c/0xa0\n exc_page_fault+0xd8/0x180\n asm_exc_page_fault+0x1e/0x30\n(Removed some logs from here)\n ? __efi_call+0x28/0x30\n ? switch_mm+0x20/0x30\n ? efi_call_rts+0x19a/0x8e0\n ? process_one_work+0x222/0x3f0\n ? worker_thread+0x4a/0x3d0\n ? kthread+0x17a/0x1a0\n ? process_one_work+0x3f0/0x3f0\n ? set_kthread_struct+0x40/0x40\n ? ret_from_fork+0x22/0x30\n </TASK>\n---[ end trace 1f82023595a5927f ]---\nefi: Froze efi_rts_wq and disabled EFI Runtime Services\nintegrity: Couldn't get size: 0x8000000000000015\nintegrity: MODSIGN: Couldn't get UEFI db list\nefi: EFI Runtime Services are disabled!\nintegrity: Couldn't get size: 0x8000000000000015\nintegrity: Couldn't get UEFI dbx list\nintegrity: Couldn't get size: 0x8000000000000015\nintegrity: Couldn't get mokx list\nintegrity: Couldn't get size: 0x80000000\n\nSo we avoid reading these UEFI variables and thus prevent the crash."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/integrity/platform_certs/keyring_handler.h", "security/integrity/platform_certs/load_uefi.c"], "versions": [{"version": "15ea0e1e3e185040bed6119f815096f2e4326242", "lessThan": "b1cda6dd2c44771f042d65f0d17bec322ef99a0a", "status": "affected", "versionType": "git"}, {"version": "15ea0e1e3e185040bed6119f815096f2e4326242", "lessThan": "c072cab98bac11f6ef9db640fb51834d9552e2e6", "status": "affected", "versionType": "git"}, {"version": "15ea0e1e3e185040bed6119f815096f2e4326242", "lessThan": "65237307f88f5200782ae7f243bdd385e37cde5d", "status": "affected", "versionType": "git"}, {"version": "15ea0e1e3e185040bed6119f815096f2e4326242", "lessThan": "b34786b25d75f9c119696e6bdf3827f54ae3601b", "status": "affected", "versionType": "git"}, {"version": "15ea0e1e3e185040bed6119f815096f2e4326242", "lessThan": "1f7264f0510f519b4e4f575a8f0579ea65e7592e", "status": "affected", "versionType": "git"}, {"version": "15ea0e1e3e185040bed6119f815096f2e4326242", "lessThan": "155ca952c7ca19aa32ecfb7373a32bbc2e1ec6eb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["security/integrity/platform_certs/keyring_handler.h", "security/integrity/platform_certs/load_uefi.c"], "versions": [{"version": "5.0", "status": "affected"}, {"version": "0", "lessThan": "5.0", "status": "unaffected", "versionType": "semver"}, {"version": "5.4.198", "lessThanOrEqual": "5.4.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.121", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.46", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.17.14", "lessThanOrEqual": "5.17.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.18.3", "lessThanOrEqual": "5.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.19", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "5.4.198"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "5.10.121"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "5.15.46"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "5.17.14"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "5.18.3"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.0", "versionEndExcluding": "5.19"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/b1cda6dd2c44771f042d65f0d17bec322ef99a0a"}, {"url": "https://git.kernel.org/stable/c/c072cab98bac11f6ef9db640fb51834d9552e2e6"}, {"url": "https://git.kernel.org/stable/c/65237307f88f5200782ae7f243bdd385e37cde5d"}, {"url": "https://git.kernel.org/stable/c/b34786b25d75f9c119696e6bdf3827f54ae3601b"}, {"url": "https://git.kernel.org/stable/c/1f7264f0510f519b4e4f575a8f0579ea65e7592e"}, {"url": "https://git.kernel.org/stable/c/155ca952c7ca19aa32ecfb7373a32bbc2e1ec6eb"}], "title": "efi: Do not import certificates from UEFI Secure Boot for T2 Macs", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: Do not import certificates from UEFI Secure Boot for T2 Macs\n\nOn Apple T2 Macs, when Linux attempts to read the db and dbx efi variables\nat early boot to load UEFI Secure Boot certificates, a page fault occurs\nin Apple firmware code and EFI runtime services are disabled with the\nfollowing logs:\n\n[Firmware Bug]: Page fault caused by firmware at PA: 0xffffb1edc0068000\nWARNING: CPU: 3 PID: 104 at arch/x86/platform/efi/quirks.c:735 efi_crash_gracefully_on_page_fault+0x50/0xf0\n(Removed some logs from here)\nCall Trace:\n <TASK>\n page_fault_oops+0x4f/0x2c0\n ? search_bpf_extables+0x6b/0x80\n ? search_module_extables+0x50/0x80\n ? search_exception_tables+0x5b/0x60\n kernelmode_fixup_or_oops+0x9e/0x110\n __bad_area_nosemaphore+0x155/0x190\n bad_area_nosemaphore+0x16/0x20\n do_kern_addr_fault+0x8c/0xa0\n exc_page_fault+0xd8/0x180\n asm_exc_page_fault+0x1e/0x30\n(Removed some logs from here)\n ? __efi_call+0x28/0x30\n ? switch_mm+0x20/0x30\n ? efi_call_rts+0x19a/0x8e0\n ? process_one_work+0x222/0x3f0\n ? worker_thread+0x4a/0x3d0\n ? kthread+0x17a/0x1a0\n ? process_one_work+0x3f0/0x3f0\n ? set_kthread_struct+0x40/0x40\n ? ret_from_fork+0x22/0x30\n </TASK>\n---[ end trace 1f82023595a5927f ]---\nefi: Froze efi_rts_wq and disabled EFI Runtime Services\nintegrity: Couldn't get size: 0x8000000000000015\nintegrity: MODSIGN: Couldn't get UEFI db list\nefi: EFI Runtime Services are disabled!\nintegrity: Couldn't get size: 0x8000000000000015\nintegrity: Couldn't get UEFI dbx list\nintegrity: Couldn't get size: 0x8000000000000015\nintegrity: Couldn't get mokx list\nintegrity: Couldn't get size: 0x80000000\n\nSo we avoid reading these UEFI variables and thus prevent the crash."}], "id": "CVE-2022-49357", "lastModified": "2025-02-26T07:01:12.390", "metrics": {}, "published": "2025-02-26T07:01:12.390", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/155ca952c7ca19aa32ecfb7373a32bbc2e1ec6eb"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/1f7264f0510f519b4e4f575a8f0579ea65e7592e"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/65237307f88f5200782ae7f243bdd385e37cde5d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b1cda6dd2c44771f042d65f0d17bec322ef99a0a"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/b34786b25d75f9c119696e6bdf3827f54ae3601b"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/c072cab98bac11f6ef9db640fb51834d9552e2e6"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Received"}

{"bugzilla": {"description": "kernel: efi: Do not import certificates from UEFI Secure Boot for T2 Macs", "id": "2348238", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2348238"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.1", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H", "status": "draft"}, "cwe": "CWE-99", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nefi: Do not import certificates from UEFI Secure Boot for T2 Macs\nOn Apple T2 Macs, when Linux attempts to read the db and dbx efi variables\nat early boot to load UEFI Secure Boot certificates, a page fault occurs\nin Apple firmware code and EFI runtime services are disabled with the\nfollowing logs:\n[Firmware Bug]: Page fault caused by firmware at PA: 0xffffb1edc0068000\nWARNING: CPU: 3 PID: 104 at arch/x86/platform/efi/quirks.c:735 efi_crash_gracefully_on_page_fault+0x50/0xf0\n(Removed some logs from here)\nCall Trace:\n<TASK>\npage_fault_oops+0x4f/0x2c0\n? search_bpf_extables+0x6b/0x80\n? search_module_extables+0x50/0x80\n? search_exception_tables+0x5b/0x60\nkernelmode_fixup_or_oops+0x9e/0x110\n__bad_area_nosemaphore+0x155/0x190\nbad_area_nosemaphore+0x16/0x20\ndo_kern_addr_fault+0x8c/0xa0\nexc_page_fault+0xd8/0x180\nasm_exc_page_fault+0x1e/0x30\n(Removed some logs from here)\n? __efi_call+0x28/0x30\n? switch_mm+0x20/0x30\n? efi_call_rts+0x19a/0x8e0\n? process_one_work+0x222/0x3f0\n? worker_thread+0x4a/0x3d0\n? kthread+0x17a/0x1a0\n? process_one_work+0x3f0/0x3f0\n? set_kthread_struct+0x40/0x40\n? ret_from_fork+0x22/0x30\n</TASK>\n---[ end trace 1f82023595a5927f ]---\nefi: Froze efi_rts_wq and disabled EFI Runtime Services\nintegrity: Couldn't get size: 0x8000000000000015\nintegrity: MODSIGN: Couldn't get UEFI db list\nefi: EFI Runtime Services are disabled!\nintegrity: Couldn't get size: 0x8000000000000015\nintegrity: Couldn't get UEFI dbx list\nintegrity: Couldn't get size: 0x8000000000000015\nintegrity: Couldn't get mokx list\nintegrity: Couldn't get size: 0x80000000\nSo we avoid reading these UEFI variables and thus prevent the crash."], "name": "CVE-2022-49357", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Out of support scope", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-02-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-49357\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49357\nhttps://lore.kernel.org/linux-cve-announce/2025022643-CVE-2022-49357-9dc8@gregkh/T"], "threat_severity": "Moderate"}