CVE-2025-22001

high

Description

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaic_validate_req() These are u64 variables that come from the user via qaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that the math doesn't have an integer wrapping bug.

References

https://git.kernel.org/stable/c/b362fc904d264a88b4af20baae9e82491c285e9c

https://git.kernel.org/stable/c/67d15c7aa0864dfd82325c7e7e7d8548b5224c7b

https://git.kernel.org/stable/c/57fae0c505f49bb1e3d5660cd2cc49697ed85f7c

https://git.kernel.org/stable/c/4b2a170c25862ad116bd31be6b9841646b4862e8

Details

Source: Mitre, NVD

Published: 2025-04-03

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High