Bug 2400818 (CVE-2023-53474) - CVE-2023-53474 kernel: x86/MCE/AMD: Use an u64 for bank_map
Summary: CVE-2023-53474 kernel: x86/MCE/AMD: Use an u64 for bank_map
Keywords:
Status: NEW
Alias: CVE-2023-53474
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-10-01 12:09 UTC by OSIDB Bzimport
Modified: 2025-10-06 17:31 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2025-10-01 12:09:06 UTC 
In the Linux kernel, the following vulnerability has been resolved:

x86/MCE/AMD: Use an u64 for bank_map

Thee maximum number of MCA banks is 64 (MAX_NR_BANKS), see

  a0bc32b3cacf ("x86/mce: Increase maximum number of banks to 64").

However, the bank_map which contains a bitfield of which banks to
initialize is of type unsigned int and that overflows when those bit
numbers are >= 32, leading to UBSAN complaining correctly:

  UBSAN: shift-out-of-bounds in arch/x86/kernel/cpu/mce/amd.c:1365:38
  shift exponent 32 is too large for 32-bit type 'int'

Change the bank_map to a u64 and use the proper BIT_ULL() macro when
modifying bits in there.

  [ bp: Rewrite commit message. ]
Comment 1 Jon Moroney 2025-10-01 17:45:19 UTC 
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2025100110-CVE-2023-53474-b2ae@gregkh/T
Note You need to log in before you can comment on or make changes to this bug.