CVE-2025-22117Improper Input Validation in Linux

CWE-20Improper Input Validation11 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 75.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
LinuxLinux KernelDebian Linux
Timeline
PublishedApr 16
Latest updateJul 8

Description

In the Linux kernel, the following vulnerability has been resolved: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() Fix using the untrusted value of proto->raw.pkt_len in function ice_vc_fdir_parse_raw() by verifying if it does not exceed the VIRTCHNL_MAX_SIZE_RAW_PACKET value.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages5 packages

NVDlinux/linux_kernel6.126.14.2
Debianlinux/linux_kernel< 6.16.3-1
Ubuntulinux/linux_kernel< 6.14.0-22.22
CVEListV5linux/linux99f419df8a5c5e1a58822203989f77712d01d410363377af2c9e874fbba3a199408f8ec7b37906f7+3
debiandebian/linux< linux 6.16.3-1 (forky)

Patches

Patch: git.kernel.orgPatch: git.kernel.org

🔴Vulnerability Details

5
OSV
linux-aws, linux-oracle vulnerabilities2025-07-08
OSV
linux-azure vulnerabilities2025-06-26
OSV
linux, linux-gcp, linux-raspi, linux-realtime vulnerabilities2025-06-24
OSV
CVE-2025-22117: In the Linux kernel, the following vulnerability has been resolved: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() Fix using the2025-04-16
GHSA
GHSA-76xf-w35q-qjmg: In the Linux kernel, the following vulnerability has been resolved: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() Fix using t2025-04-16

📋Vendor Advisories

5
Ubuntu
Linux kernel vulnerabilities2025-07-08
Ubuntu
Linux kernel (Azure) vulnerabilities2025-06-26
Ubuntu
Linux kernel vulnerabilities2025-06-24
Red Hat
kernel: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()2025-04-16
Debian
CVE-2025-22117: linux - In the Linux kernel, the following vulnerability has been resolved: ice: fix us...2025
CVE-2025-22117 — Improper Input Validation in Linux | cvebase