CVE-2025-40157
Description
In the Linux kernel, the following vulnerability has been resolved:
EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller
When loading the i10nm_edac driver on some Intel Granite Rapids servers, a call trace may appear as follows:
UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:453:16 shift exponent -66 is negative ... __ubsan_handle_shift_out_of_bounds+0x1e3/0x390 skx_get_dimm_info.cold+0x47/0xd40 [skx_edac_common] i10nm_get_dimm_config+0x23e/0x390 [i10nm_edac] skx_register_mci+0x159/0x220 [skx_edac_common] i10nm_init+0xcb0/0x1ff0 [i10nm_edac] ...
This occurs because some BIOS may disable a memory controller if there aren't any memory DIMMs populated on this memory controller. The DIMMMTR register of this disabled memory controller contains the invalid value ~0, resulting in the call trace above.
Fix this call trace by skipping DIMM enumeration on a disabled memory controller.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In the Linux kernel, a shift-out-of-bounds bug in the EDAC/i10nm driver is fixed by skipping DIMM enumeration on disabled memory controllers.
Vulnerability
Overview
The vulnerability resides in the Linux kernel's EDAC (Error Detection and Correction) subsystem, specifically in the i10nm_edac driver for Intel Granite Rapids servers. The bug is a shift-out-of-bounds condition triggered when the driver attempts to read the DIMMMTR register on a memory controller that has been disabled by the BIOS due to no populated DIMMs. Such a disabled controller returns an invalid value (~0) in the register, and the driver's code in skx_common.c:453 performs a bit shift operation using a negative exponent derived from that value, leading to undefined behavior and a kernel call trace.
Exploitation and
Attack Surface
Exploitation requires a system where a BIOS has disabled a memory controller, which can happen normally without any malicious intent. An attacker would need local access to the system (or the ability to trigger loading of the i10nm_edac driver, which typically occurs during boot or when the module is inserted). No special privileges beyond the ability to load the kernel module are needed, but the bug manifests during normal kernel operations, making it a denial-of-service vector. The issue is not remotely exploitable without existing local access.
Impact
When triggered, the UBSAN warning leads to a kernel panic or crash, causing a denial of service on the affected server. This can disrupt critical data center operations, especially in environments relying on Granite Rapids servers with disabled memory controllers. The vulnerability itself does not allow for arbitrary code execution or data corruption; it primarily affects system availability.
Mitigation
The fix has been applied in the Linux kernel stable tree via commit c20da24272f1 (as cited in [1]). This commit modifies the i10nm_get_dimm_config function to check whether the memory controller is disabled (by inspecting the DIMMMTR register value) and skip enumeration of DIMMs on that controller, preventing the invalid shift operation. All users of the i10nm_edac driver (likely those running Granite Rapids systems) should update to a kernel version containing this fix. No workaround besides disabling the affected driver (which would impact ECC reporting) is available.
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
48100b6c0f9081652f14cf3bec20da24272f12e6fe1bbefd9Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4News mentions
0No linked articles in our index yet.