Linux Kernel Integer Overflow Vulnerability in accel/qaic Component

Vulnerability

An integer overflow vulnerability has been identified in the Linux kernel's accel/qaic component, specifically within the qaic_validate_req() function. This issue arises from u64 variables that are received from the user via the qaic_attach_slice_bo_ioctl() function. The vulnerability has been addressed by implementing check_add_overflow() to prevent potential integer wrapping errors.

Impact

Exploitation of this vulnerability could lead to incorrect calculations due to integer overflow, potentially allowing for memory corruption or other unintended behavior.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

0.6

exploitability

4.0

remediation

0.0

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Linux Kernel Integer Overflow Vulnerability in accel/qaic Component

Vulnerability

Impact

Affected Products

Linux kernel

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating