CVE-2025-22044

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-22044
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-22044.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-22044
Downstream
Related
Published
2025-04-16T14:12:05.199Z
Modified
2025-11-27T19:33:57.249021Z
Summary
acpi: nfit: fix narrowing conversion in acpi_nfit_ctl
Details

In the Linux kernel, the following vulnerability has been resolved:

acpi: nfit: fix narrowing conversion in acpinfitctl

Syzkaller has reported a warning in tonfitbusuuid(): "only secondary bus families can be translated". This warning is emited if the argument is equal to NVDIMMBUSFAMILYNFIT == 0. Function acpinfitctl() first verifies that a user-provided value callpkg->ndfamily of type u64 is not equal to 0. Then the value is converted to int, and only after that is compared to NVDIMMBUSFAMILYMAX. This can lead to passing an invalid argument to acpinfitctl(), if callpkg->nd_family is non-zero, while the lower 32 bits are zero.

Furthermore, it is best to return EINVAL immediately upon seeing the invalid user input. The WARNING is insufficient to prevent further undefined behavior based on other invalid user input.

All checks of the input value should be applied to the original variable callpkg->ndfamily.

[iweiny: update commit message]

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/blob/ee626f5d79d5817bb21d6f048dc0da4c4e383443/cves/2025/22xxx/CVE-2025-22044.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6450ddbd5d8e83ea9927c7f9076a21f829699e0f
Fixed
4b65cff06a004ac54f6ea8886060f0d07b1ca055
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6450ddbd5d8e83ea9927c7f9076a21f829699e0f
Fixed
92ba06aef65522483784dcbd6697629ddbd4c4f9
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6450ddbd5d8e83ea9927c7f9076a21f829699e0f
Fixed
bae5b55e0f327102e78f6a66fb127275e9bc91b6
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6450ddbd5d8e83ea9927c7f9076a21f829699e0f
Fixed
c90402d2a226ff7afbe1d0650bee8ecc15a91049
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6450ddbd5d8e83ea9927c7f9076a21f829699e0f
Fixed
e71a57c5aaa389d4c3c82f920761262efdd18d38
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6450ddbd5d8e83ea9927c7f9076a21f829699e0f
Fixed
73851cfceb00cc77d7a0851bc10f2263394c3e87
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6450ddbd5d8e83ea9927c7f9076a21f829699e0f
Fixed
85f11291658ab907c4294319c8102450cc75bb96
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6450ddbd5d8e83ea9927c7f9076a21f829699e0f
Fixed
2ff0e408db36c21ed3fa5e3c1e0e687c82cf132f

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.9.0
Fixed
5.10.236
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.180
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.134
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.87
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.23
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.13.11
Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.14.2