CVE-2025-22001: 
Linux Kernel vulnerability analysis and mitigation

An integer overflow vulnerability was discovered in the Linux kernel's QAIC accelerator driver (CVE-2025-22001). The vulnerability was identified in the qaic_validate_req() function where u64 variables from user input via qaic_attach_slice_bo_ioctl() could potentially cause an integer wrapping bug. The issue was disclosed on April 3, 2025, affecting multiple versions of the Linux kernel including versions from 6.7 up to 6.12.21, and 6.13 up to 6.13.9 (NVD).

The vulnerability is classified as an Integer Overflow or Wraparound (CWE-190) with a CVSS v3.1 base score of 5.5 (Medium). The attack vector is local (AV:L), with low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), and affecting only the local system scope (S:U). While the vulnerability does not impact confidentiality or integrity, it can have a high impact on availability (C:N/I:N/A:H) (NVD).

The vulnerability could potentially lead to system availability issues due to integer overflow in the QAIC accelerator driver. The high availability impact rating suggests that successful exploitation could result in significant disruption to the system's resources (NVD).

The vulnerability has been patched by implementing check_add_overflow() to prevent integer wrapping bugs in the affected function. Multiple Linux distributions have released updates to address this vulnerability, including patches for various kernel versions (Debian).