CVE-2022-49357: Vulnerability in Linux Linux

Medium
Published: Wed Feb 26 2025 (02/26/2025, 02:11:06 UTC)
Source: CVE
Vendor/Project: Linux
Product: Linux

Description

In the Linux kernel, the following vulnerability has been resolved:

efi: Do not import certificates from UEFI Secure Boot for T2 Macs

On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables at early boot to load UEFI Secure Boot certificates, a page fault occurs in Apple firmware code and EFI runtime services are disabled with the following logs:

    [Firmware Bug]: Page fault caused by firmware at PA: 0xffffb1edc0068000
    WARNING: CPU: 3 PID: 104 at arch/x86/platform/efi/quirks.c:735 efi_crash_gracefully_on_page_fault+0x50/0xf0
    (Removed some logs from here)
    Call Trace:
     <TASK>
     page_fault_oops+0x4f/0x2c0
     ? search_bpf_extables+0x6b/0x80
     ? search_module_extables+0x50/0x80
     ? search_exception_tables+0x5b/0x60
     kernelmode_fixup_or_oops+0x9e/0x110
     __bad_area_nosemaphore+0x155/0x190
     bad_area_nosemaphore+0x16/0x20
     do_kern_addr_fault+0x8c/0xa0
     exc_page_fault+0xd8/0x180
     asm_exc_page_fault+0x1e/0x30
    (Removed some logs from here)
     ? __efi_call+0x28/0x30
     ? switch_mm+0x20/0x30
     ? efi_call_rts+0x19a/0x8e0
     ? process_one_work+0x222/0x3f0
     ? worker_thread+0x4a/0x3d0
     ? kthread+0x17a/0x1a0
     ? process_one_work+0x3f0/0x3f0
     ? set_kthread_struct+0x40/0x40
     ? ret_from_fork+0x22/0x30
     </TASK>
    ---[ end trace 1f82023595a5927f ]---
    efi: Froze efi_rts_wq and disabled EFI Runtime Services
    integrity: Couldn't get size: 0x8000000000000015
    integrity: MODSIGN: Couldn't get UEFI db list
    efi: EFI Runtime Services are disabled!
    integrity: Couldn't get size: 0x8000000000000015
    integrity: Couldn't get UEFI dbx list
    integrity: Couldn't get size: 0x8000000000000015
    integrity: Couldn't get mokx list
    integrity: Couldn't get size: 0x80000000

So we avoid reading these UEFI variables and thus prevent the crash.

AI-Powered Analysis

Last updated: 06/30/2025, 06:12:56 UTC

Technical Analysis

CVE-2022-49357 is a vulnerability identified in the Linux kernel related to the handling of UEFI Secure Boot variables on Apple T2 Macs. Specifically, when Linux attempts to read the 'db' and 'dbx' EFI variables during early boot to load UEFI Secure Boot certificates, a page fault occurs within the Apple firmware code. This fault leads to the disabling of EFI runtime services, which are critical for certain system operations and security features. The root cause is that the Apple T2 chip firmware does not properly handle these EFI variable reads, causing a memory access violation (page fault) at a physical address within firmware space. The Linux kernel logs indicate a crash in the EFI quirks handling code, followed by the freezing of the EFI runtime services work queue and disabling of EFI runtime services altogether. This results in the inability to retrieve UEFI Secure Boot certificate lists such as 'db', 'dbx', and 'mokx', which are essential for verifying the integrity and authenticity of boot components. The vulnerability does not appear to allow direct code execution or privilege escalation but causes a denial of service of EFI runtime services, potentially impacting system security features reliant on these services. The fix implemented avoids reading these problematic UEFI variables on Apple T2 Macs, thereby preventing the page fault and maintaining EFI runtime service availability. There are no known exploits in the wild, and no CVSS score has been assigned to this vulnerability as of the publication date.

Potential Impact

For European organizations, the impact of CVE-2022-49357 is primarily operational and security-related rather than directly exploitable for compromise. Organizations using Linux on Apple T2 Macs may experience EFI runtime services being disabled during boot, which can affect system integrity checks, secure boot validation, and other firmware-dependent security mechanisms. This could lead to reduced trust in the boot process and potentially complicate compliance with security policies that require secure boot enforcement. Additionally, some security features relying on EFI runtime services, such as kernel module signature verification or measured boot, may not function correctly, increasing the risk surface. However, since the vulnerability does not allow arbitrary code execution or privilege escalation, the confidentiality and integrity of data are not directly threatened by this flaw. The denial of EFI runtime services could cause system instability or boot issues in affected environments, impacting availability. European organizations with Apple hardware running Linux, especially in sectors requiring high security such as finance, government, or critical infrastructure, should be aware of this issue to maintain system reliability and security posture.

Mitigation Recommendations

To mitigate CVE-2022-49357, organizations should ensure that Linux kernel versions deployed on Apple T2 Macs include the patch that avoids reading the problematic UEFI variables ('db' and 'dbx') during early boot. This can be achieved by updating to the latest stable Linux kernel releases where this fix is incorporated. System administrators should audit their environments to identify Apple T2 Mac devices running Linux and prioritize patching these systems. Additionally, organizations should monitor boot logs for EFI runtime service errors or warnings indicative of this issue. Where possible, consider alternative hardware platforms for Linux workloads requiring secure boot features until the firmware or kernel fully supports Apple T2 Macs without issues. For environments requiring secure boot enforcement, implement compensating controls such as enhanced endpoint security monitoring and integrity verification tools that do not rely solely on EFI runtime services. Finally, maintain close coordination with Linux distribution vendors and Apple for firmware updates that may address the root cause in Apple T2 firmware.
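One way to do the boot-log monitoring recommended above, as an added example that is not part of the original advisory or the kernel patch. It scans kernel log text (for instance the output of `dmesg` or `journalctl -k`) for the message sequence quoted in the description and decodes the EFI status value; the names `scan`, `decode_efi_status`, `INDICATORS` and `SAMPLE_LOG` are hypothetical.

```python
import re

# Constructed sample: kernel log lines quoted in the CVE description above.
SAMPLE_LOG = """\
[Firmware Bug]: Page fault caused by firmware at PA: 0xffffb1edc0068000
efi: Froze efi_rts_wq and disabled EFI Runtime Services
integrity: Couldn't get size: 0x8000000000000015
integrity: MODSIGN: Couldn't get UEFI db list
efi: EFI Runtime Services are disabled!
integrity: Couldn't get size: 0x8000000000000015
integrity: Couldn't get UEFI dbx list
"""

# Subset of UEFI status codes; an error has the top bit of the 64-bit value set.
EFI_ERRORS = {3: "EFI_UNSUPPORTED", 14: "EFI_NOT_FOUND", 21: "EFI_ABORTED"}

INDICATORS = {
    "firmware_page_fault": re.compile(r"\[Firmware Bug\]: Page fault caused by firmware"),
    "rts_disabled": re.compile(r"efi: Froze efi_rts_wq and disabled EFI Runtime Services"),
    "cert_list_missing": re.compile(r"integrity: (?:MODSIGN: )?Couldn't get (?:UEFI )?(db|dbx|mokx) list"),
}
SIZE_ERR = re.compile(r"integrity: Couldn't get size: (0x[0-9a-fA-F]+)")

def decode_efi_status(value):
    """Name a 64-bit EFI status value, or say that it is not an error status."""
    if value >> 63:
        code = value & ~(1 << 63)
        return EFI_ERRORS.get(code, f"EFI error {code}")
    return "not a 64-bit EFI error status"

def scan(log_text):
    """Report whether the log shows the full T2 failure sequence."""
    hits = {name: False for name in INDICATORS}
    lists, statuses = set(), set()
    for line in log_text.splitlines():
        for name, rx in INDICATORS.items():
            m = rx.search(line)
            if m:
                hits[name] = True
                if name == "cert_list_missing":
                    lists.add(m.group(1))
        m = SIZE_ERR.search(line)
        if m:
            statuses.add(decode_efi_status(int(m.group(1), 16)))
    # Match only if the firmware fault, the RTS shutdown and a failed list load all appear.
    return {"matched": all(hits.values()), "lists": sorted(lists), "statuses": sorted(statuses)}

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Requiring all three indicators together keeps unrelated "Couldn't get ... list" messages, which can appear on machines without Secure Boot keys enrolled, from being reported as this issue.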

Technical Details

Data Version: 5.1
Assigner Short Name: Linux
Date Reserved: 2025-02-26T02:08:31.546Z
Cisa Enriched: false
Cvss Version: null
State: PUBLISHED

Threat ID: 682d982dc4522896dcbe5784

Added to database: 5/21/2025, 9:09:01 AM

Last enriched: 6/30/2025, 6:12:56 AM

Last updated: 7/26/2025, 12:39:47 AM
