CVE-2025-22001

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-22001
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22001.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-22001
Downstream
Related
Published
2025-04-03T07:19:04.251Z
Modified
2025-11-15T16:16:58.653875Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
accel/qaic: Fix integer overflow in qaic_validate_req()
Details

In the Linux kernel, the following vulnerability has been resolved:

accel/qaic: Fix integer overflow in qaicvalidatereq()

These are u64 variables that come from the user via qaicattachsliceboioctl(). Use checkaddoverflow() to ensure that the math doesn't have an integer wrapping bug.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ff13be8303336ead5621712f2c55012d738878b5
Fixed
4b2a170c25862ad116bd31be6b9841646b4862e8
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ff13be8303336ead5621712f2c55012d738878b5
Fixed
b362fc904d264a88b4af20baae9e82491c285e9c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ff13be8303336ead5621712f2c55012d738878b5
Fixed
57fae0c505f49bb1e3d5660cd2cc49697ed85f7c
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
ff13be8303336ead5621712f2c55012d738878b5
Fixed
67d15c7aa0864dfd82325c7e7e7d8548b5224c7b

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.3
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.13.1
v6.13.2
v6.13.3
v6.13.4
v6.13.5
v6.13.6
v6.13.7
v6.13.8
v6.3
v6.3-rc5
v6.3-rc6
v6.3-rc7
v6.4
v6.4-rc1
v6.4-rc2
v6.4-rc3
v6.4-rc4
v6.4-rc5
v6.4-rc6
v6.4-rc7
v6.5
v6.5-rc1
v6.5-rc2
v6.5-rc3
v6.5-rc4
v6.5-rc5
v6.5-rc6
v6.5-rc7
v6.6
v6.6-rc1
v6.6-rc2
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.6.1
v6.6.10
v6.6.11
v6.6.12
v6.6.13
v6.6.14
v6.6.15
v6.6.16
v6.6.17
v6.6.18
v6.6.19
v6.6.2
v6.6.20
v6.6.21
v6.6.22
v6.6.23
v6.6.24
v6.6.25
v6.6.26
v6.6.27
v6.6.28
v6.6.29
v6.6.3
v6.6.30
v6.6.31
v6.6.32
v6.6.33
v6.6.34
v6.6.35
v6.6.36
v6.6.37
v6.6.38
v6.6.39
v6.6.4
v6.6.40
v6.6.41
v6.6.42
v6.6.43
v6.6.44
v6.6.45
v6.6.46
v6.6.47
v6.6.48
v6.6.49
v6.6.5
v6.6.50
v6.6.51
v6.6.52
v6.6.53
v6.6.54
v6.6.55
v6.6.56
v6.6.57
v6.6.58
v6.6.59
v6.6.6
v6.6.60
v6.6.61
v6.6.62
v6.6.63
v6.6.64
v6.6.65
v6.6.66
v6.6.67
v6.6.68
v6.6.69
v6.6.7
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.8
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.9
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4b2a170c25862ad116bd31be6b9841646b4862e8",
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "function": "qaic_validate_req",
            "file": "drivers/accel/qaic/qaic_data.c"
        },
        "id": "CVE-2025-22001-13fe4145",
        "digest": {
            "length": 542.0,
            "function_hash": "151668550640286215073653245283806614875"
        },
        "deprecated": false
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b362fc904d264a88b4af20baae9e82491c285e9c",
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/accel/qaic/qaic_data.c"
        },
        "id": "CVE-2025-22001-53195ff2",
        "digest": {
            "line_hashes": [
                "231149827439595089297334536029151656366",
                "182555653467745639805809330702989641005",
                "233972443231140438850206409983953007119",
                "100102624830383154918585156161421138223",
                "229479001979392027421882672126742083008",
                "69636034832963169048612575915992952034",
                "199872761095442364868717124415819022888",
                "174813135648796753419402994109632056957"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@b362fc904d264a88b4af20baae9e82491c285e9c",
        "signature_version": "v1",
        "signature_type": "Function",
        "target": {
            "function": "qaic_validate_req",
            "file": "drivers/accel/qaic/qaic_data.c"
        },
        "id": "CVE-2025-22001-8aedb07a",
        "digest": {
            "length": 542.0,
            "function_hash": "151668550640286215073653245283806614875"
        },
        "deprecated": false
    },
    {
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@4b2a170c25862ad116bd31be6b9841646b4862e8",
        "signature_version": "v1",
        "signature_type": "Line",
        "target": {
            "file": "drivers/accel/qaic/qaic_data.c"
        },
        "id": "CVE-2025-22001-9ecd8640",
        "digest": {
            "line_hashes": [
                "231149827439595089297334536029151656366",
                "182555653467745639805809330702989641005",
                "233972443231140438850206409983953007119",
                "100102624830383154918585156161421138223",
                "229479001979392027421882672126742083008",
                "69636034832963169048612575915992952034",
                "199872761095442364868717124415819022888",
                "174813135648796753419402994109632056957"
            ],
            "threshold": 0.9
        },
        "deprecated": false
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.4.0
Fixed
6.6.85
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.21
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.9