Linux Kernel Bank Map Overflow Vulnerability in x86 MCE AMD Handling

A vulnerability in the Linux kernel's handling of Machine Check Architecture (MCA) banks for AMD processors has been addressed. The issue arose because the bank_map, which indicates which MCA banks to initialize, was defined as an unsigned int. This limitation caused an overflow when bank numbers reached 32 or higher, leading to a shift-out-of-bounds error. The vulnerability affected the stable versions of the Linux kernel that were prior to the fix, specifically in the x86/MCE/AMD component.

Impact

The vulnerability could lead to a denial-of-service condition by causing a shift-out-of-bounds error, which can disrupt normal processing and potentially be exploited to manipulate memory.

Reproduction

The vulnerability can be reproduced by configuring an AMD processor to use more than 32 MCA banks. This can be done by enabling certain features in the processor that increase the number of active MCA banks beyond 32. Once this is set, the system will attempt to initialize the banks using the bank_map, which will overflow and cause the shift-out-of-bounds error.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed. Instructions for upgrading the Linux kernel can be found in the official Linux documentation or through the package management system of the respective Linux distribution.