AZL-59870

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59870.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-59870

Upstream

CVE-2025-22001

Published

2025-04-03T08:15:15Z

Modified

2026-04-01T05:19:33.729094Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

CVE-2025-22001 affecting package kernel for versions less than 6.6.85.1-2

Details

In the Linux kernel, the following vulnerability has been resolved:

accel/qaic: Fix integer overflow in qaicvalidatereq()

These are u64 variables that come from the user via qaicattachsliceboioctl(). Use checkaddoverflow() to ensure that the math doesn't have an integer wrapping bug.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-22001

Affected packages

Azure Linux:3 / kernel

Package

Name: kernel
Purl: pkg:rpm/azure-linux/kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.6.85.1-2

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59870.json"