Bug 2414477 (CVE-2025-40157) - CVE-2025-40157 kernel: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller
Summary: CVE-2025-40157 kernel: EDAC/i10nm: Skip DIMM enumeration on a disabled memory...
Keywords:
Status: NEW
Alias: CVE-2025-40157
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-11-12 11:02 UTC by OSIDB Bzimport
Modified: 2025-11-17 18:27 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-11-12 11:02:22 UTC 
In the Linux kernel, the following vulnerability has been resolved:

EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller

When loading the i10nm_edac driver on some Intel Granite Rapids servers,
a call trace may appear as follows:

  UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:453:16
  shift exponent -66 is negative
  ...
  __ubsan_handle_shift_out_of_bounds+0x1e3/0x390
  skx_get_dimm_info.cold+0x47/0xd40 [skx_edac_common]
  i10nm_get_dimm_config+0x23e/0x390 [i10nm_edac]
  skx_register_mci+0x159/0x220 [skx_edac_common]
  i10nm_init+0xcb0/0x1ff0 [i10nm_edac]
  ...

This occurs because some BIOS may disable a memory controller if there
aren't any memory DIMMs populated on this memory controller. The DIMMMTR
register of this disabled memory controller contains the invalid value
~0, resulting in the call trace above.

Fix this call trace by skipping DIMM enumeration on a disabled memory
controller.
Comment 1 Alexander B 2025-11-13 16:11:48 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025111258-CVE-2025-40157-d08c@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.