{ "threat_severity" : "Low", "public_date" : "2025-12-24T00:00:00Z", "bugzilla" : { "description" : "kernel: x86/apic: Don't disable x2APIC if locked", "id" : "2425047", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2425047" }, "cvss3" : { "cvss3_base_score" : "4.4", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-617", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nx86/apic: Don't disable x2APIC if locked\nThe APIC supports two modes, legacy APIC (or xAPIC), and Extended APIC\n(or x2APIC). X2APIC mode is mostly compatible with legacy APIC, but\nit disables the memory-mapped APIC interface in favor of one that uses\nMSRs. The APIC mode is controlled by the EXT bit in the APIC MSR.\nThe MMIO/xAPIC interface has some problems, most notably the APIC LEAK\n[1]. This bug allows an attacker to use the APIC MMIO interface to\nextract data from the SGX enclave.\nIntroduce support for a new feature that will allow the BIOS to lock\nthe APIC in x2APIC mode. If the APIC is locked in x2APIC mode and the\nkernel tries to disable the APIC or revert to legacy APIC mode a GP\nfault will occur.\nIntroduce support for a new MSR (IA32_XAPIC_DISABLE_STATUS) and handle\nthe new locked mode when the LEGACY_XAPIC_DISABLED bit is set by\npreventing the kernel from trying to disable the x2APIC.\nOn platforms with the IA32_XAPIC_DISABLE_STATUS MSR, if SGX or TDX are\nenabled the LEGACY_XAPIC_DISABLED will be set by the BIOS. If\nlegacy APIC is required, then it SGX and TDX need to be disabled in the\nBIOS.\n[1]: https://aepicleak.com/aepicleak.pdf" ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2024-11-12T00:00:00Z", "advisory" : "RHSA-2024:9315", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-503.11.1.el9_5" }, { "product_name" : "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date" : "2024-10-30T00:00:00Z", "advisory" : "RHSA-2024:8613", "cpe" : "cpe:/a:redhat:rhel_eus:9.2", "package" : "kernel-0:5.14.0-284.90.1.el9_2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 10", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:10" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Out of support scope", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-50720\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-50720\nhttps://lore.kernel.org/linux-cve-announce/2025122417-CVE-2022-50720-0297@gregkh/T" ], "name" : "CVE-2022-50720", "csaw" : false }