CVE-2022-48879: Vulnerability in Linux Linux
In the Linux kernel, the following vulnerability has been resolved:

efi: fix NULL-deref in init error path

In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated. Do not try to destroy the workqueue unconditionally in the unlikely event that EFI initialisation fails to avoid dereferencing a NULL pointer.
AI Analysis
Technical Summary
CVE-2022-48879 is a vulnerability identified in the Linux kernel related to the EFI (Extensible Firmware Interface) initialization process. Specifically, the flaw occurs in the error handling path during EFI initialization when runtime services are either unsupported or disabled. Under these conditions, the runtime services workqueue, which is normally allocated to manage EFI runtime service calls, is never created. The vulnerability arises because the kernel attempts to unconditionally destroy this workqueue during error cleanup, leading to a NULL pointer dereference. This dereference can cause a kernel panic or system crash, resulting in a denial of service (DoS) condition. The issue is rooted in improper error path handling and lack of validation before freeing the workqueue resource. The vulnerability affects multiple Linux kernel versions, as indicated by the commit hashes listed, and was publicly disclosed on August 21, 2024. No known exploits are currently reported in the wild, and no CVSS score has been assigned. The flaw does not appear to allow privilege escalation or code execution but can disrupt system availability by crashing the kernel during EFI initialization failures.
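The error-path pattern described above, as an added user-space model in C; it is not the kernel's source, and every name in it (`model_wq`, `rts_wq`, `model_setup`, `init_unguarded`, `init_guarded`) is hypothetical. It shows the unconditional teardown beside the guarded form that only destroys a workqueue that was actually allocated.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space stand-in for a kernel workqueue (hypothetical model type). */
struct model_wq { int pending; };
static struct model_wq *rts_wq; /* stays NULL when runtime services are off */
static int destroyed;           /* number of completed teardowns */

/* Like a real workqueue teardown, this dereferences its argument. */
static void model_destroy_wq(struct model_wq *wq)
{
    wq->pending = 0;            /* a NULL wq faults here */
    free(wq);
    destroyed++;
}

/* Allocation is skipped when runtime services are unsupported or disabled. */
static int model_setup(bool runtime_supported)
{
    rts_wq = runtime_supported ? calloc(1, sizeof(*rts_wq)) : NULL;
    return (runtime_supported && !rts_wq) ? -1 : 0;
}

/* Pre-fix shape: unconditional teardown on the error path. */
int init_unguarded(bool runtime_supported, bool later_step_fails)
{
    if (model_setup(runtime_supported) != 0)
        return -1;
    if (!later_step_fails)
        return 0;
    model_destroy_wq(rts_wq);   /* faults if rts_wq was never allocated */
    rts_wq = NULL;
    return -1;
}

/* Fixed shape: destroy the workqueue only if it was allocated. */
int init_guarded(bool runtime_supported, bool later_step_fails)
{
    if (model_setup(runtime_supported) != 0)
        return -1;
    if (!later_step_fails)
        return 0;
    if (rts_wq)
        model_destroy_wq(rts_wq);
    rts_wq = NULL;
    return -1;
}

int main(void) { printf("rc=%d\n", init_guarded(false, true)); return 0; }
```

Both functions behave identically when the workqueue exists; they differ only in the case the advisory describes, where initialisation fails and runtime services were never set up.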
Potential Impact
For European organizations, the primary impact of CVE-2022-48879 is the potential for denial of service on Linux-based systems that utilize EFI firmware and have runtime services disabled or unsupported. This could affect servers, workstations, and embedded devices running vulnerable Linux kernels. Systems that rely on EFI for boot and runtime services may experience unexpected crashes during boot or runtime EFI initialization failures, leading to downtime and operational disruption. Critical infrastructure, cloud service providers, and enterprises with Linux-based environments could face service interruptions, impacting business continuity. However, since exploitation requires EFI initialization failure conditions and no remote exploit is known, the risk of widespread attacks is currently low. The vulnerability is more relevant in environments where EFI runtime services are disabled or malfunctioning, which may be more common in customized or embedded Linux deployments. Confidentiality and integrity are not directly impacted, but availability degradation could have cascading effects on dependent services and applications.
Mitigation Recommendations
To mitigate CVE-2022-48879, organizations should apply the official Linux kernel patches that fix the NULL pointer dereference in the EFI initialization error path as soon as they become available. Kernel upgrades to the fixed versions or backported patches should be prioritized, especially for systems using EFI firmware. System administrators should audit their Linux deployments to identify systems with EFI runtime services disabled or unsupported, as these are the most susceptible to this issue. Implementing robust monitoring for kernel panics and EFI initialization errors can help detect attempts to trigger this vulnerability. Additionally, testing kernel updates in staging environments to ensure compatibility with EFI configurations is recommended. For embedded or customized Linux systems, firmware and kernel integration should be reviewed to ensure proper handling of EFI runtime services. As a precaution, organizations should maintain regular backups and have recovery procedures ready to minimize downtime in case of crashes. Network segmentation and limiting access to critical Linux systems can reduce the risk of exploitation attempts, even though no remote exploits are known.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Linux
- Date Reserved: 2024-07-16T11:38:08.923Z
- Cisa Enriched: true
- Cvss Version: null
- State: PUBLISHED
Threat ID: 682d9820c4522896dcbdd54d
Added to database: 5/21/2025, 9:08:48 AM
Last enriched: 6/28/2025, 12:10:25 AM
Last updated: 8/7/2025, 12:49:39 AM