CVE-2025-22001

These are u64 variables that come from the user via qaicattachsliceboioctl(). Use checkaddoverflow() to ensure that the math doesn't have an integer wrapping bug.

Database specific

{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/cc431b3424123d84bcd7afd4de150b33f117a8ef/cves/2025/22xxx/CVE-2025-22001.json"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ff13be8303336ead5621712f2c55012d738878b5

Fixed

4b2a170c25862ad116bd31be6b9841646b4862e8

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ff13be8303336ead5621712f2c55012d738878b5

Fixed

b362fc904d264a88b4af20baae9e82491c285e9c

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ff13be8303336ead5621712f2c55012d738878b5

Fixed

57fae0c505f49bb1e3d5660cd2cc49697ed85f7c

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

ff13be8303336ead5621712f2c55012d738878b5

Fixed

67d15c7aa0864dfd82325c7e7e7d8548b5224c7b

Linux / Kernel

Package

Name: Kernel

Affected ranges

Type: ECOSYSTEM
Events: Introduced

6.4.0

Fixed

6.6.85

Type: ECOSYSTEM
Events: Introduced

6.7.0

Fixed

6.12.21

Type: ECOSYSTEM
Events: Introduced

6.13.0

Fixed

6.13.9