Memory Controller Vulnerability in Linux Kernel on Intel Granite Rapids Servers
CVE-2025-40157

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 12 November 2025

What is CVE-2025-40157?

A vulnerability in the Linux kernel manifests when the i10nm_edac driver is loaded on certain Intel Granite Rapids servers. The issue arises due to some BIOS configurations that disable a memory controller if no memory DIMMs are present. This results in invalid values being read from the DIMMMTR register of the inactive memory controller, leading to unexpected call traces. By addressing this flaw, the driver can correctly bypass DIMM enumeration for disabled memory controllers, thus improving system stability and reliability.

Affected Version(s)

Linux ba987eaaabf99b462cdfed86274e3455d5126349 < 8100b6c0f9089d5b156642b81270ce27fff17490

Linux ba987eaaabf99b462cdfed86274e3455d5126349 < 1652f14cf3bef5a4baa232de954fc22bdcaa78fe

Linux ba987eaaabf99b462cdfed86274e3455d5126349

References

https://git.kernel.org/stable/c/8100b6c0f9089d5b156642b81...

https://git.kernel.org/stable/c/1652f14cf3bef5a4baa232de9...

https://git.kernel.org/stable/c/c20da24272f1ac79e9f9083bb...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2025
Vulnerability Reserved
Apr 16, 2025

JSON