CVE-2023-53496

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> x86/platform/uv: Use alternate source for socket to node data<br /> <br /> The UV code attempts to build a set of tables to allow it to do<br /> bidirectional socketnode lookups.<br /> <br /> But when nr_cpus is set to a smaller number than actually present, the<br /> cpu_to_node() mapping information for unused CPUs is not available to<br /> build_socket_tables(). This results in skipping some nodes or sockets<br /> when creating the tables and leaving some -1&amp;#39;s for later code to trip.<br /> over, causing oopses.<br /> <br /> The problem is that the socketnode lookups are created by doing a<br /> loop over all CPUs, then looking up the CPU&amp;#39;s APICID and socket. But<br /> if a CPU is not present, there is no way to start this lookup.<br /> <br /> Instead of looping over all CPUs, take CPUs out of the equation<br /> entirely. Loop over all APICIDs which are mapped to a valid NUMA node.<br /> Then just extract the socket-id from the APICID.<br /> <br /> This avoid tripping over disabled CPUs.