CVE-2022-48769

{"id": "CVE-2022-48769", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2024-06-20T12:15:14.870", "references": [{"url": "https://git.kernel.org/stable/c/3df52448978802ae15dcebf66beba1029df957b4", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a4085859411c825c321c9b55b8a9dc5a128a6684", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/b0f1cc093bc2493ac259c53766fd2b800e085807", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/f5390cd0b43c2e54c7cf5506c7da4a37c5cef746", "tags": ["Patch"], "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/3df52448978802ae15dcebf66beba1029df957b4", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/a4085859411c825c321c9b55b8a9dc5a128a6684", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/b0f1cc093bc2493ac259c53766fd2b800e085807", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://git.kernel.org/stable/c/f5390cd0b43c2e54c7cf5506c7da4a37c5cef746", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nefi: runtime: avoid EFIv2 runtime services on Apple x86 machines\n\nAditya reports [0] that his recent MacbookPro crashes in the firmware\nwhen using the variable services at runtime. The culprit appears to be a\ncall to QueryVariableInfo(), which we did not use to call on Apple x86\nmachines in the past as they only upgraded from EFI v1.10 to EFI v2.40\nfirmware fairly recently, and QueryVariableInfo() (along with\nUpdateCapsule() et al) was added in EFI v2.00.\n\nThe only runtime service introduced in EFI v2.00 that we actually use in\nLinux is QueryVariableInfo(), as the capsule based ones are optional,\ngenerally not used at runtime (all the LVFS/fwupd firmware update\ninfrastructure uses helper EFI programs that invoke capsule update at\nboot time, not runtime), and not implemented by Apple machines in the\nfirst place. QueryVariableInfo() is used to 'safely' set variables,\ni.e., only when there is enough space. This prevents machines with buggy\nfirmwares from corrupting their NVRAMs when they run out of space.\n\nGiven that Apple machines have been using EFI v1.10 services only for\nthe longest time (the EFI v2.0 spec was released in 2006, and Linux\nsupport for the newly introduced runtime services was added in 2011, but\nthe MacbookPro12,1 released in 2015 still claims to be EFI v1.10 only),\nlet's avoid the EFI v2.0 ones on all Apple x86 machines.\n\n[0] https://lore.kernel.org/all/6D757C75-65B1-468B-842D-10410081A8E4@live.com/"}, {"lang": "es", "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: efi: runtime: evite los servicios de tiempo de ejecuci\u00f3n EFIv2 en m\u00e1quinas Apple x86 Aditya informa [0] que su reciente MacbookPro falla en el firmware cuando usa los servicios variables en tiempo de ejecuci\u00f3n. El culpable parece ser una llamada a QueryVariableInfo(), que no utilizamos para llamar a m\u00e1quinas Apple x86 en el pasado, ya que recientemente se actualizaron del firmware EFI v1.10 al firmware EFI v2.40, y QueryVariableInfo() (junto con con UpdateCapsule() et al) se agreg\u00f3 en EFI v2.00. El \u00fanico servicio de tiempo de ejecuci\u00f3n introducido en EFI v2.00 que realmente usamos en Linux es QueryVariableInfo(), ya que los basados en c\u00e1psulas son opcionales y generalmente no se usan en tiempo de ejecuci\u00f3n (toda la infraestructura de actualizaci\u00f3n de firmware LVFS/fwupd utiliza programas EFI auxiliares que invocan la c\u00e1psula). actualizar en el momento del arranque, no en el tiempo de ejecuci\u00f3n) y, en primer lugar, no lo implementan las m\u00e1quinas Apple. QueryVariableInfo() se utiliza para establecer variables de forma \"segura\", es decir, s\u00f3lo cuando hay suficiente espacio. Esto evita que las m\u00e1quinas con firmwares defectuosos da\u00f1en sus NVRAM cuando se quedan sin espacio. Dado que las m\u00e1quinas Apple han estado usando los servicios EFI v1.10 solo durante m\u00e1s tiempo (la especificaci\u00f3n EFI v2.0 se lanz\u00f3 en 2006 y el soporte de Linux para los servicios de ejecuci\u00f3n recientemente introducidos se agreg\u00f3 en 2011, pero el MacbookPro12,1 se lanz\u00f3 en 2015 todav\u00eda afirma ser solo EFI v1.10), evitemos los EFI v2.0 en todas las m\u00e1quinas Apple x86. [0] https://lore.kernel.org/all/6D757C75-65B1-468B-842D-10410081A8E4@live.com/"}], "lastModified": "2025-09-29T18:35:39.223", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0E7DB9A-BB54-44D1-AE8D-0293E78BCF8B", "versionEndExcluding": "5.10.96"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF69DD7C-FD57-4914-ABB0-FAEF87B0289D", "versionEndExcluding": "5.15.19", "versionStartIncluding": "5.11"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1AD9E77E-B27E-450C-8FD8-B64EC5FB002D", "versionEndExcluding": "5.16.5", "versionStartIncluding": "5.16"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BD5F8D9-54FA-4CB0-B4F0-CB0471FDDB2D"}], "operator": "OR"}]}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}