SB2025100191 - Out-of-bounds write in Linux kernel cpu mce
Published: October 1, 2025
Updated: October 27, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds write (CVE-ID: CVE-2023-53474)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an out-of-bounds write within the DEFINE_PER_CPU(), smca_set_misc_banks_map(), smca_get_block_address(), prepare_threshold_block(), amd_threshold_interrupt() and mce_threshold_create_device() functions in arch/x86/kernel/cpu/mce/amd.c. A local user can execute arbitrary code.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/11c58a0c1937c157dbdf82d5ab634d68c99f3098
- https://git.kernel.org/stable/c/4c1cdec319b9aadb65737c3eb1f5cb74bd6aa156
- https://git.kernel.org/stable/c/67bb7521b6420d81dab7538c0686f18f7d6d09f4
- https://git.kernel.org/stable/c/9669fa17287c3af2bbd4868d4c8fdd9e57f8332e
- https://git.kernel.org/stable/c/a9b9ea0e63a0ec5e97bf1219ab6dcbd55e362f83
- https://git.kernel.org/stable/c/ba8ffb1251eb629c2ec35220e3896cf4f7b888a7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.28