CVE-2025-22001
MEDIUMCVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Description
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaic_validate_req() These are u64 variables that come from the user via qaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that the math doesn't have an integer wrapping bug.
Analysis
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaic_validate_req() These are u64 variables that come from the user via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Technical Context
This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaic_validate_req() These are u64 variables that come from the user via qaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that the math doesn't have an integer wrapping bug. Affected products include: Linux Linux Kernel.
Affected Products
Linux Linux Kernel.
Remediation
A vendor patch is available. Apply the latest security update as soon as possible. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.
Priority Score
Vendor Status
Share
External POC / Exploit Code
Leaving vuln.today