CVE-2023-53474

EPSS 0.02%
Veröffentlicht 01.10.2025 12:15:49
Zuletzt bearbeitet 20.01.2026 16:55:02
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

x86/MCE/AMD: Use an u64 for bank_map

Thee maximum number of MCA banks is 64 (MAX_NR_BANKS), see

  a0bc32b3cacf ("x86/mce: Increase maximum number of banks to 64").

However, the bank_map which contains a bitfield of which banks to
initialize is of type unsigned int and that overflows when those bit
numbers are >= 32, leading to UBSAN complaining correctly:

  UBSAN: shift-out-of-bounds in arch/x86/kernel/cpu/mce/amd.c:1365:38
  shift exponent 32 is too large for 32-bit type 'int'

Change the bank_map to a u64 and use the proper BIT_ULL() macro when
modifying bits in there.

  [ bp: Rewrite commit message. ]

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version >= 5.10 < 5.10.180

Linux ≫ Linux Kernel Version >= 5.11 < 5.15.111

Linux ≫ Linux Kernel Version >= 5.16 < 6.1.28

Linux ≫ Linux Kernel Version >= 6.2 < 6.2.15

Linux ≫ Linux Kernel Version >= 6.3 < 6.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.053

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://git.kernel.org/stable/c/11c58a0c1937c157dbdf82d5ab634d68c99f3098

Patch

https://git.kernel.org/stable/c/4c1cdec319b9aadb65737c3eb1f5cb74bd6aa156

Patch

https://git.kernel.org/stable/c/67bb7521b6420d81dab7538c0686f18f7d6d09f4

Patch

https://git.kernel.org/stable/c/9669fa17287c3af2bbd4868d4c8fdd9e57f8332e

Patch

https://git.kernel.org/stable/c/a9b9ea0e63a0ec5e97bf1219ab6dcbd55e362f83

Patch

https://git.kernel.org/stable/c/ba8ffb1251eb629c2ec35220e3896cf4f7b888a7

Patch

https://nvd.nist.gov/vuln/detail/CVE-2023-53474

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-53474

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-53474

EUVD