CVE-2025-22001

Summary

In the Linux kernel, the following vulnerability has been resolved:

accel/qaic: Fix integer overflow in qaic_validate_req()

These are u64 variables that come from the user via qaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that the math doesn't have an integer wrapping bug.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxff13be8303336ead5621712f2c55012d738878b5 < 4b2a170c25862ad116bd31be6b9841646b4862e8affected
LinuxLinuxff13be8303336ead5621712f2c55012d738878b5 < b362fc904d264a88b4af20baae9e82491c285e9caffected
LinuxLinuxff13be8303336ead5621712f2c55012d738878b5 < 57fae0c505f49bb1e3d5660cd2cc49697ed85f7caffected
LinuxLinuxff13be8303336ead5621712f2c55012d738878b5 < 67d15c7aa0864dfd82325c7e7e7d8548b5224c7baffected
LinuxLinux6.4affected
LinuxLinux0 < 6.4unaffected
LinuxLinux6.6.85 <= 6.6.*unaffected
LinuxLinux6.12.21 <= 6.12.*unaffected
LinuxLinux6.13.9 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References