CVE-2022-49357

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> efi: Do not import certificates from UEFI Secure Boot for T2 Macs<br /> <br /> On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables<br /> at early boot to load UEFI Secure Boot certificates, a page fault occurs<br /> in Apple firmware code and EFI runtime services are disabled with the<br /> following logs:<br /> <br /> [Firmware Bug]: Page fault caused by firmware at PA: 0xffffb1edc0068000<br /> WARNING: CPU: 3 PID: 104 at arch/x86/platform/efi/quirks.c:735 efi_crash_gracefully_on_page_fault+0x50/0xf0<br /> (Removed some logs from here)<br /> Call Trace:<br /> <br /> page_fault_oops+0x4f/0x2c0<br /> ? search_bpf_extables+0x6b/0x80<br /> ? search_module_extables+0x50/0x80<br /> ? search_exception_tables+0x5b/0x60<br /> kernelmode_fixup_or_oops+0x9e/0x110<br /> __bad_area_nosemaphore+0x155/0x190<br /> bad_area_nosemaphore+0x16/0x20<br /> do_kern_addr_fault+0x8c/0xa0<br /> exc_page_fault+0xd8/0x180<br /> asm_exc_page_fault+0x1e/0x30<br /> (Removed some logs from here)<br /> ? __efi_call+0x28/0x30<br /> ? switch_mm+0x20/0x30<br /> ? efi_call_rts+0x19a/0x8e0<br /> ? process_one_work+0x222/0x3f0<br /> ? worker_thread+0x4a/0x3d0<br /> ? kthread+0x17a/0x1a0<br /> ? process_one_work+0x3f0/0x3f0<br /> ? set_kthread_struct+0x40/0x40<br /> ? ret_from_fork+0x22/0x30<br /> <br /> ---[ end trace 1f82023595a5927f ]---<br /> efi: Froze efi_rts_wq and disabled EFI Runtime Services<br /> integrity: Couldn&amp;#39;t get size: 0x8000000000000015<br /> integrity: MODSIGN: Couldn&amp;#39;t get UEFI db list<br /> efi: EFI Runtime Services are disabled!<br /> integrity: Couldn&amp;#39;t get size: 0x8000000000000015<br /> integrity: Couldn&amp;#39;t get UEFI dbx list<br /> integrity: Couldn&amp;#39;t get size: 0x8000000000000015<br /> integrity: Couldn&amp;#39;t get mokx list<br /> integrity: Couldn&amp;#39;t get size: 0x80000000<br /> <br /> So we avoid reading these UEFI variables and thus prevent the crash.