CVE-2024-53072: 
Linux Kernel vulnerability analysis and mitigation

CVE-2024-53072 affects the Linux kernel's AMD PMC (Power Management Controller) driver. The vulnerability was discovered when loading the amdpmc module with enablestb=1 parameter, which could result in kernel ring buffer error messages due to improper handling of STB (Spill to DRAM Buffer) unavailability. The issue affects Linux kernel versions from 5.18 up to (excluding) 6.1.117, 6.2 up to (excluding) 6.6.61, and 6.7 up to (excluding) 6.11.8 (NVD).

The vulnerability occurs in the platform/x86/amd/pmc driver when requests for S2DPHYSADDRLOW and S2DPHYSADDRHIGH return a value of 0, indicating that the STB is inaccessible. This results in an ioremap warning and potential system instability. The issue has been assigned a CVSS v3.1 Base Score of 5.5 (Medium) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability can lead to system instability and kernel warnings when attempting to use the AMD PMC driver with STB functionality enabled on systems where STB is not available. The impact is primarily focused on system availability, with no direct impact on confidentiality or integrity (NVD).

The issue has been fixed in the Linux kernel through a patch that adds proper detection and handling of STB unavailability. Users should either update to patched kernel versions or disable the enable_stb parameter if STB functionality is not available on their system. The fix includes adding an error message to provide clarity to users when STB is not enabled (Kernel Patch).