CVE-2022-50720
Description
In the Linux kernel, the following vulnerability has been resolved:
x86/apic: Don't disable x2APIC if locked
The APIC supports two modes, legacy APIC (or xAPIC), and Extended APIC (or x2APIC). X2APIC mode is mostly compatible with legacy APIC, but it disables the memory-mapped APIC interface in favor of one that uses MSRs. The APIC mode is controlled by the EXT bit in the APIC MSR.
The MMIO/xAPIC interface has some problems, most notably the APIC LEAK [1]. This bug allows an attacker to use the APIC MMIO interface to extract data from the SGX enclave.
Introduce support for a new feature that will allow the BIOS to lock the APIC in x2APIC mode. If the APIC is locked in x2APIC mode and the kernel tries to disable the APIC or revert to legacy APIC mode a GP fault will occur.
Introduce support for a new MSR (IA32_XAPIC_DISABLE_STATUS) and handle the new locked mode when the LEGACY_XAPIC_DISABLED bit is set by preventing the kernel from trying to disable the x2APIC.
On platforms with the IA32_XAPIC_DISABLE_STATUS MSR, if SGX or TDX are enabled the LEGACY_XAPIC_DISABLED will be set by the BIOS. If legacy APIC is required, then it SGX and TDX need to be disabled in the BIOS.
[1]: https://aepicleak.com/aepicleak.pdf
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper handling of locked x2APIC mode in Linux kernel allows bypassing SGX/TDX protections via legacy APIC interface.
Vulnerability
Overview
In the Linux kernel, CVE-2022-50720 addresses a flaw in the x86 APIC subsystem where the kernel could attempt to disable x2APIC mode or switch back to legacy xAPIC mode even when the system firmware (BIOS) has locked the APIC in x2APIC mode. This locking is performed by setting the LEGACY_XAPIC_DISABLED bit in the IA32_XAPIC_DISABLE_STATUS MSR, typically on platforms where Intel SGX or TDX are enabled [1].
Attack
Vector and Exploitation
If the kernel disregards the locked state and tries to revert to legacy APIC mode, a general protection fault (GP fault) would occur, potentially crashing the system or disrupting the secure execution environments like SGX enclaves. The MMIO-based xAPIC interface is known to have security issues, notably the APIC leak vulnerability [2], which can allow an attacker to extract sensitive data from SGX enclaves. By forcing the APIC into legacy mode, an attacker could exploit this interface to bypass protections enforced by SGX or TDX.
Potential
Impact
An attacker with local access or the ability to trigger a kernel operation that disables x2APIC could cause a denial of service (system crash) or, in scenarios where x2APIC is not properly locked, could degrade the security of memory encryption technologies like SGX and TDX. The vulnerability underscores the importance of ensuring the kernel respects BIOS-level locks on APIC mode to maintain the security guarantees of these hardware features.
Mitigation
Status
The fix introduces checks that prevent the kernel from disabling x2APIC or reverting to legacy mode when the BIOS has locked it. This is achieved by reading the IA32_XAPIC_DISABLE_STATUS MSR and avoiding operations that would cause a GP fault. Users should apply the kernel patch referenced in [1] to ensure their systems correctly handle locked x2APIC configurations.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
305785ba834f2dd1241e00addb8d1d163604bVulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
3News mentions
0No linked articles in our index yet.