CVE-2022-48769

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
20/06/2024
Last modified:
29/09/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

efi: runtime: avoid EFIv2 runtime services on Apple x86 machines

Aditya reports [0] that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a call to QueryVariableInfo(), which we did not use to call on Apple x86 machines in the past as they only upgraded from EFI v1.10 to EFI v2.40 firmware fairly recently, and QueryVariableInfo() (along with UpdateCapsule() et al) was added in EFI v2.00.

The only runtime service introduced in EFI v2.00 that we actually use in Linux is QueryVariableInfo(), as the capsule based ones are optional, generally not used at runtime (all the LVFS/fwupd firmware update infrastructure uses helper EFI programs that invoke capsule update at boot time, not runtime), and not implemented by Apple machines in the first place. QueryVariableInfo() is used to 'safely' set variables, i.e., only when there is enough space. This prevents machines with buggy firmwares from corrupting their NVRAMs when they run out of space.

Given that Apple machines have been using EFI v1.10 services only for the longest time (the EFI v2.0 spec was released in 2006, and Linux support for the newly introduced runtime services was added in 2011, but the MacbookPro12,1 released in 2015 still claims to be EFI v1.10 only), let's avoid the EFI v2.0 ones on all Apple x86 machines.

[0] https://lore.kernel.org/all/6D757C75-65B1-468B-842D-10410081A8E4@live.com/

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | | 5.10.96 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.11 (including) | 5.15.19 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 5.16.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.17:rc1:*:*:*:*:*:* | | |
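
For triage, the version ranges above can be checked against a host's kernel release string. The following is an added example, not code from the advisory or the kernel project; the function names, the use of the DMI vendor string as a proxy for "Apple machine", and the rule that `-rc` builds match only the exact 5.17-rc1 entry are assumptions of this example.

```python
import platform
import re
from pathlib import Path

# Upstream ranges from the table above: (from_inclusive or None, up_to_exclusive).
AFFECTED_RANGES = [
    (None, (5, 10, 96)),
    ((5, 11, 0), (5, 15, 19)),
    ((5, 16, 0), (5, 16, 5)),
]
AFFECTED_PRERELEASES = {((5, 17, 0), "rc1")}  # the exact 5.17:rc1 CPE entry


def parse_release(release):
    """Return ((major, minor, patch), rc) from a string such as `uname -r` prints."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(rc\d+))?", release)
    if m is None:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0)), rc


def version_in_affected_range(release):
    """True when the upstream version number falls inside a listed range."""
    version, rc = parse_release(release)
    if rc is not None:
        # Assumption of this example: -rc builds match only exact table entries.
        return (version, rc) in AFFECTED_PRERELEASES
    return any((low is None or version >= low) and version < high
               for low, high in AFFECTED_RANGES)


def host_needs_review(release, sys_vendor, machine):
    """The crash concerns Apple x86 machines only, so require all three conditions."""
    is_x86 = machine in ("x86_64", "i686", "i386")
    is_apple = sys_vendor.strip().startswith("Apple")
    return is_x86 and is_apple and version_in_affected_range(release)


if __name__ == "__main__":
    # Assumption: the DMI vendor string stands in for "Apple machine" here.
    vendor_file = Path("/sys/class/dmi/id/sys_vendor")
    vendor = vendor_file.read_text() if vendor_file.exists() else ""
    print(host_needs_review(platform.release(), vendor, platform.machine()))
```

Distribution kernels often backport fixes without changing the upstream version number, so a match is a prompt to check the distributor's advisory rather than proof that the host is unpatched.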