CVE-2025-22001
📋 TL;DR
This CVE describes an integer overflow vulnerability in the Linux kernel's QAIC (Qualcomm AI Compute) driver. Attackers with local access can trigger the overflow via the qaic_attach_slice_bo_ioctl() function, potentially leading to kernel memory corruption. Systems using QAIC acceleration with vulnerable kernel versions are affected.
💻 Affected Systems
- Linux kernel with QAIC (Qualcomm AI Compute) driver
📦 What is this software?
Linux Kernel by Linux
The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...
⚠️ Risk & Real-World Impact
Worst Case
Kernel panic, denial of service, or potential privilege escalation leading to full system compromise.
Likely Case
Kernel crash or denial of service affecting AI acceleration functionality.
If Mitigated
Limited impact if proper access controls prevent unauthorized users from accessing the vulnerable ioctl.
🎯 Exploit Status
Requires local access and ability to call the vulnerable ioctl. No public exploit code is known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Kernel versions containing commits 4b2a170c25862ad116bd31be6b9841646b4862e8, 57fae0c505f49bb1e3d5660cd2cc49697ed85f7c, 67d15c7aa0864dfd82325c7e7e7d8548b5224c7b, or b362fc904d264a88b4af20baae9e82491c285e9c
Vendor Advisory: https://git.kernel.org/stable/c/4b2a170c25862ad116bd31be6b9841646b4862e8
Restart Required: Yes
Instructions:
1. Update to a patched kernel version from your distribution.
2. Reboot the system to load the new kernel.
3. Verify the fix is applied by checking kernel version.
🔧 Temporary Workarounds
Disable QAIC module
Remove or blacklist the QAIC kernel module if not required (Linux)
sudo rmmod qaic
echo 'blacklist qaic' | sudo tee /etc/modprobe.d/qaic-blacklist.conf
Restrict access to QAIC device
Change permissions on QAIC device files to prevent unauthorized access (Linux)
sudo chmod 600 /dev/qaic*
sudo chown root:root /dev/qaic*
🧯 If You Can't Patch
- Implement strict access controls to prevent unauthorized users from accessing QAIC functionality
- Monitor system logs for unusual QAIC-related activity or crashes
🔍 How to Verify
Check if Vulnerable:
Check if QAIC module is loaded: lsmod | grep qaic. If loaded, check kernel version against patched versions.
Check Version:
uname -r
Verify Fix Applied:
Confirm that the running kernel (uname -r) includes one of the fix commits by checking with your distribution vendor.
📡 Detection & Monitoring
Log Indicators:
- Kernel oops messages
- System crashes related to QAIC driver
- Permission denied errors for QAIC device access
Network Indicators:
- None - local vulnerability only
SIEM Query:
source="kernel" AND ("qaic" OR "QAIC") AND ("panic" OR "oops" OR "BUG")
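The module check and the log indicators above can also be run locally. This is an added example, not part of the original advisory or the kernel project: the function names and the line-window correlation are assumptions, and every log line in it is constructed sample data.

```shell
#!/bin/sh
# Added example: local triage for the QAIC checks listed on this page.
# Function names are hypothetical; all log lines are constructed samples.

# Succeeds if `lsmod`-format text on stdin lists a module named exactly
# "qaic" (plain `grep qaic` also matches any name that merely contains it).
qaic_loaded() {
    awk '$1 == "qaic" { found = 1 } END { exit !found }'
}

# Reads kernel log text on stdin and prints the first line of each crash
# report (BUG / Oops / panic) that mentions qaic within WIN lines of it.
# A per-line match can miss these, because the crash header and the line
# naming the module are often different lines of the same report.
# "BUG" is matched as a whole word so that "DEBUG" does not count.
qaic_crash_events() {
    awk -v win="${1:-20}" '
        /Oops|[Pp]anic/ || (" " $0 " ") ~ /[^A-Za-z]BUG[^A-Za-z]/ {
            # Open a new report only when outside the current window.
            if (!start || NR - start > win) { start = NR; head = $0; seen = 0 }
        }
        start && !seen && NR - start <= win && tolower($0) ~ /qaic/ {
            print head; seen = 1
        }
    '
}

# Constructed sample log (hypothetical messages for illustration only).
sample_log() {
    cat <<'EOF'
[  10.000000] qaic 0000:01:00.0: device initialised
[  55.000000] BUG: unable to handle page fault (constructed)
[  55.000001] Oops: constructed sample [#1]
[  55.000002] RIP: constructed_symbol+0x0/0x0 [qaic]
[  90.000000] foo: DEBUG: unrelated driver message
[  95.000000] Oops: constructed sample [#2]
[  95.000001] RIP: other_symbol+0x0/0x0 [othermod]
EOF
}

# Demo: reports only the first crash, the one whose trace names qaic.
sample_log | qaic_crash_events 3
```

On a live host, feed the functions real input, for example `lsmod | qaic_loaded` and `dmesg | qaic_crash_events`.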