CVE-2025-22056: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-22056 is a vulnerability discovered in the Linux kernel's netfilter component, specifically in the nfttunnel functionality. The vulnerability was disclosed on April 16, 2025, affecting the Linux kernel's handling of NFTATUNNELKEYOPTS_GENEVE attributes (NVD).

The vulnerability stems from a type confusion issue in the netfilter's nfttunnel component when handling multiple NFTATUNNELKEYOPTSGENEVE attributes. The parsing logic should place every geneveopt structure compactly, but the current implementation performs incorrect type conversion before pointer addition, leading to a heap out-of-bounds write condition. This was confirmed through KASAN (Kernel Address Sanitizer) detection showing a slab-out-of-bounds write of size 124 bytes (NVD, Red Hat).

The vulnerability results in a heap out-of-bounds write condition which could potentially lead to memory corruption in the kernel. The severity is rated as Important with a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) (Red Hat).

The vulnerability has been fixed in Linux kernel version 6.12.25-1 for the unstable branch. Various Linux distributions have released patches, including Debian which has marked the fix as available in version 6.12.25-1 while older versions remain vulnerable (Debian Tracker).