CVE-2025-22001

In the Linux kernel, the following vulnerability has been resolved:

accel/qaic: Fix integer overflow in qaic_validate_req()

These are u64 variables that come from the user via qaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that the math doesn't have an integer wrapping bug.

Published: Apr 3, 2025
Updated: May 4, 2025
CVE: CVE-2025-22001
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-190

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	6.14-rc1	6.14-rc1.x
linux / linux_kernel	6.14-rc2	6.14-rc2.x
linux / linux_kernel	6.14-rc3	6.14-rc3.x
linux / linux_kernel	6.14-rc4	6.14-rc4.x
linux / linux_kernel	6.13	6.13.9
linux / linux_kernel	6.7	6.12.21
linux / linux_kernel	6.4	6.6.85
linux / linux_kernel	6.14-rc5	6.14-rc5.x
linux / linux_kernel	6.14-rc6	6.14-rc6.x
linux / linux_kernel	6.14-rc7	6.14-rc7.x

https://git.kernel.org/stable/c/4b2a170c25862ad116bd31be6b9841646b4862e8
https://git.kernel.org/stable/c/57fae0c505f49bb1e3d5660cd2cc49697ed85f7c
https://git.kernel.org/stable/c/67d15c7aa0864dfd82325c7e7e7d8548b5224c7b
https://git.kernel.org/stable/c/b362fc904d264a88b4af20baae9e82491c285e9c

Vulnerability Database

CVE-2025-22001