PT-2025-8291 · Linux+5 · Linux Kernel+5

Published

2022-05-15

Updated

2025-11-12

CVE-2022-49357

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description A vulnerability in the Linux kernel has been resolved, which occurred on Apple T2 Macs when attempting to read the db and dbx efi variables at early boot to load UEFI Secure Boot certificates. This caused a page fault in Apple firmware code, resulting in EFI runtime services being disabled. The issue was addressed by avoiding the reading of these UEFI variables, thus preventing the crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

ALSA-2025:20518

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALSA-2025_18281

ALSA-2025_19102

ALSA-2025_19103

ALSA-2025_19409

ALSA-2025_20518

BDU:2026-02567

CVE-2022-49357

INFSA-2025_20518

OPENSUSE-SU-2025_1263-1

RHSA-2025:20518

RHSA-2025_20518

SUSE-SU-2025:1027-1

SUSE-SU-2025:1176-1

SUSE-SU-2025:1183-1

SUSE-SU-2025:1194-1

SUSE-SU-2025:1241-1

SUSE-SU-2025:1263-1

SUSE-SU-2025_1027-1

SUSE-SU-2025_1241-1

SUSE-SU-2025_1263-1

Affected Products

Almalinux

Astra Linux

Linux Kernel

Red Hat

Rocky Linux

Suse

PT-2025-8291 · Linux+5 · Linux Kernel+5

CVE-2022-49357

Weakness Enumeration

Related Identifiers

Affected Products

References · 1579