CVE-2023-53474 – This CVE describes an integer overflow vulnerab... (How to Fix)

Q: What is the severity of CVE-2023-53474?

CVE-2023-53474 has a CVSS score of 5.5 (MEDIUM). This CVE describes an integer overflow vulnerability in the Linux kernel's x86 MCE/AMD subsystem where the bank_map variable uses a 32-bit integer instead of 64-bit, causing undefined behavior when handling more than 32 MCA banks. This affects Linux systems with AMD processors that have more than 32 MCA banks. The vulnerability can cause kernel instability or crashes.

📋 TL;DR

This CVE describes an integer overflow vulnerability in the Linux kernel's x86 MCE/AMD subsystem where the bank_map variable uses a 32-bit integer instead of 64-bit, causing undefined behavior when handling more than 32 MCA banks. This affects Linux systems with AMD processors that have more than 32 MCA banks. The vulnerability can cause kernel instability or crashes.

💻 Affected Systems

Products:

Linux kernel

Versions: Kernel versions before the fix commits (specific versions vary by distribution)

Operating Systems: Linux distributions with affected kernel versions

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with AMD processors that have more than 32 MCA banks. Most modern AMD processors are affected.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...

Learn more about Linux Kernel →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Kernel panic or system crash leading to denial of service, potentially allowing local privilege escalation if combined with other vulnerabilities.

🟠

Likely Case

System instability, kernel warnings (UBSAN), or crashes when the MCE subsystem processes more than 32 banks.

🟢

If Mitigated

Minor performance impact or kernel warnings without system compromise.

🌐 Internet-Facing: LOW - This is a local kernel vulnerability requiring local access.

🏢 Internal Only: MEDIUM - Local users or processes could trigger the vulnerability, potentially causing system instability.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access and knowledge of triggering the MCE subsystem with >32 banks. No public exploits known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in kernel commits: 11c58a0c1937c157dbdf82d5ab634d68c99f3098, 4c1cdec319b9aadb65737c3eb1f5cb74bd6aa156, 67bb7521b6420d81dab7538c0686f18f7d6d09f4, 9669fa17287c3af2bbd4868d4c8fdd9e57f8332e, a9b9ea0e63a0ec5e97bf1219ab6dcbd55e362f83

Vendor Advisory: https://git.kernel.org/stable/c/11c58a0c1937c157dbdf82d5ab634d68c99f3098

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits. 2. Check your distribution's security advisories for specific patched versions. 3. Reboot the system after kernel update.

🔧 Temporary Workarounds

Disable MCE subsystem (not recommended)

linux

Disabling Machine Check Exception handling could prevent the vulnerability but removes important hardware error detection.

echo 0 > /sys/devices/system/machinecheck/machinecheck0/check_interval

🧯 If You Can't Patch

Restrict local user access to minimize attack surface
Monitor system logs for UBSAN warnings related to shift-out-of-bounds errors

🔍 How to Verify

Check if Vulnerable:

Check kernel version and compare with distribution's patched versions. Look for UBSAN warnings in dmesg about 'shift-out-of-bounds' in amd.c:1365.

Check Version:

uname -r

Verify Fix Applied:

Verify kernel version includes the fix commits. Check that no UBSAN warnings appear related to this issue.

📡 Detection & Monitoring

Log Indicators:

UBSAN: shift-out-of-bounds in arch/x86/kernel/cpu/mce/amd.c:1365:38
Kernel panic or crash logs

Network Indicators:

None - local vulnerability only

SIEM Query:

source="kernel" AND ("shift-out-of-bounds" OR "amd.c:1365" OR "UBSAN")

📊 Metadata

CVE ID: CVE-2023-53474

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-190

EPSS Score: 0.02% exploit probability (5.5th percentile)

Published: October 1, 2025

Last Updated: January 20, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-53474, you might also want to check these: