CVE-2025-22091 — Integer Overflow or Wraparound in Linux
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 80.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 16
Latest updateJul 8
Description
In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix page_size variable overflow
Change all variables storing mlx5_umem_mkc_find_best_pgsz() result to
unsigned long to support values larger than 31 and avoid overflow.
For example: If we try to register 4GB of memory that is contiguous in
physical memory, the driver will optimize the page_size and try to use
an mkey with 4GB entity size. The 'unsigned int' page_size variable will
overflow to '0' and we'll hit the …
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6
Affected Packages5 packages
▶CVEListV5linux/linuxcef7dde8836ab09a3bfe96ada4f18ef2496eacc9 — 01fd737776ca0f17a96d83cd7f0840ce130b9a02+4
Patches
🔴Vulnerability Details
5GHSA▶
GHSA-rxxj-rv84-8c37: In the Linux kernel, the following vulnerability has been resolved:
RDMA/mlx5: Fix page_size variable overflow
Change all variables storing mlx5_ume↗2025-04-16
OSV▶
CVE-2025-22091: In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix page_size variable overflow Change all variables storing mlx5_umem_↗2025-04-16
📋Vendor Advisories
5Debian▶
CVE-2025-22091: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: ...↗2025