Linux Kernel EDAC i10nm: Skip DIMM Enumeration on Disabled Memory Controller
CVE-2025-40157 Published on November 12, 2025
EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller
In the Linux kernel, the following vulnerability has been resolved:
EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller
When loading the i10nm_edac driver on some Intel Granite Rapids servers,
a call trace may appear as follows:
UBSAN: shift-out-of-bounds in drivers/edac/skx_common.c:453:16
shift exponent -66 is negative
...
__ubsan_handle_shift_out_of_bounds+0x1e3/0x390
skx_get_dimm_info.cold+0x47/0xd40 [skx_edac_common]
i10nm_get_dimm_config+0x23e/0x390 [i10nm_edac]
skx_register_mci+0x159/0x220 [skx_edac_common]
i10nm_init+0xcb0/0x1ff0 [i10nm_edac]
...
This occurs because some BIOS may disable a memory controller if there
aren't any memory DIMMs populated on this memory controller. The DIMMMTR
register of this disabled memory controller contains the invalid value
~0, resulting in the call trace above.
Fix this call trace by skipping DIMM enumeration on a disabled memory
controller.
Products Associated with CVE-2025-40157
stack.watch emails you whenever new vulnerabilities are published in Linux Kernel or Canonical Ubuntu Linux. Just hit a watch button to start following.
Affected Versions
Linux:- Version ba987eaaabf99b462cdfed86274e3455d5126349 and below 8100b6c0f9089d5b156642b81270ce27fff17490 is affected.
- Version ba987eaaabf99b462cdfed86274e3455d5126349 and below 1652f14cf3bef5a4baa232de954fc22bdcaa78fe is affected.
- Version ba987eaaabf99b462cdfed86274e3455d5126349 and below c20da24272f1ac79e9f9083bba577d049cd02bbb is affected.
- Version ba987eaaabf99b462cdfed86274e3455d5126349 and below 2e6fe1bbefd9c059c3787d1c620fe67343a94dff is affected.
- Version 6.3 is affected.
- Before 6.3 is unaffected.
- Version 6.6.112, <= 6.6.* is unaffected.
- Version 6.12.53, <= 6.12.* is unaffected.
- Version 6.17.3, <= 6.17.* is unaffected.
- Version 6.18, <= * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.