CVE-2022-50720
Unknown Unknown - Not Provided
APIC Mode Lock Bypass in Linux Kernel Risks SGX Data Leak

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC (or xAPIC), and Extended APIC (or x2APIC). X2APIC mode is mostly compatible with legacy APIC, but it disables the memory-mapped APIC interface in favor of one that uses MSRs. The APIC mode is controlled by the EXT bit in the APIC MSR. The MMIO/xAPIC interface has some problems, most notably the APIC LEAK [1]. This bug allows an attacker to use the APIC MMIO interface to extract data from the SGX enclave. Introduce support for a new feature that will allow the BIOS to lock the APIC in x2APIC mode. If the APIC is locked in x2APIC mode and the kernel tries to disable the APIC or revert to legacy APIC mode a GP fault will occur. Introduce support for a new MSR (IA32_XAPIC_DISABLE_STATUS) and handle the new locked mode when the LEGACY_XAPIC_DISABLED bit is set by preventing the kernel from trying to disable the x2APIC. On platforms with the IA32_XAPIC_DISABLE_STATUS MSR, if SGX or TDX are enabled the LEGACY_XAPIC_DISABLED will be set by the BIOS. If legacy APIC is required, then it SGX and TDX need to be disabled in the BIOS. [1]: https://aepicleak.com/aepicleak.pdf
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-05-07
AI Q&A
2025-12-24
EPSS Evaluated
2026-05-05
NVD
CVE-2022-50720
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the Linux kernel's handling of the APIC (Advanced Programmable Interrupt Controller) modes, specifically the x2APIC mode. The APIC supports two modes: legacy APIC (xAPIC) and extended APIC (x2APIC). The x2APIC mode disables the memory-mapped APIC interface in favor of one using MSRs. The vulnerability arises because the kernel could disable x2APIC mode even if it was locked by the BIOS, which could lead to a general protection fault (GP fault). Additionally, the legacy APIC MMIO interface has known issues, such as the APIC LEAK, which allows attackers to extract data from SGX enclaves. The fix introduces a new MSR (IA32_XAPIC_DISABLE_STATUS) to detect if the APIC is locked in x2APIC mode and prevents the kernel from disabling it improperly.


How can this vulnerability impact me? :

If the kernel disables the x2APIC mode when it is locked by the BIOS, it can cause a general protection fault, potentially leading to system instability or crashes. Moreover, the legacy APIC MMIO interface has a known vulnerability (APIC LEAK) that can be exploited to extract sensitive data from SGX enclaves, which could lead to data leakage or compromise of secure environments.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, ensure that the BIOS locks the APIC in x2APIC mode by setting the LEGACY_XAPIC_DISABLED bit via the IA32_XAPIC_DISABLE_STATUS MSR. If your platform requires legacy APIC mode, you must disable SGX and TDX in the BIOS. This prevents the kernel from disabling x2APIC mode and avoids the associated security risk.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart