{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-22117", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2024-12-29T08:45:45.823Z", "datePublished": "2025-04-16T14:13:03.099Z", "dateUpdated": "2026-05-11T21:13:17.940Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-11T21:13:17.940Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()\n\nFix using the untrusted value of proto->raw.pkt_len in function\nice_vc_fdir_parse_raw() by verifying if it does not exceed the\nVIRTCHNL_MAX_SIZE_RAW_PACKET value."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c"], "versions": [{"version": "99f419df8a5c5e1a58822203989f77712d01d410", "lessThan": "363377af2c9e874fbba3a199408f8ec7b37906f7", "status": "affected", "versionType": "git"}, {"version": "99f419df8a5c5e1a58822203989f77712d01d410", "lessThan": "362f704ba73a359db9cded567e891d9a8f081875", "status": "affected", "versionType": "git"}, {"version": "99f419df8a5c5e1a58822203989f77712d01d410", "lessThan": "1388dd564183a5a18ec4a966748037736b5653c5", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/intel/ice/ice_virtchnl_fdir.c"], "versions": [{"version": "6.12", "status": "affected"}, {"version": "0", "lessThan": "6.12", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.80", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.14.2", "lessThanOrEqual": "6.14.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.15", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.12.80"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.14.2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.12", "versionEndExcluding": "6.15"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/363377af2c9e874fbba3a199408f8ec7b37906f7"}, {"url": "https://git.kernel.org/stable/c/362f704ba73a359db9cded567e891d9a8f081875"}, {"url": "https://git.kernel.org/stable/c/1388dd564183a5a18ec4a966748037736b5653c5"}], "title": "ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "3AB78153-4A25-4D47-B073-8CD166841742", "versionEndExcluding": "6.14.2", "versionStartIncluding": "6.12", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()\n\nFix using the untrusted value of proto->raw.pkt_len in function\nice_vc_fdir_parse_raw() by verifying if it does not exceed the\nVIRTCHNL_MAX_SIZE_RAW_PACKET value."}, {"lang": "es", "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ice: correcci\u00f3n del uso del valor no confiable de pkt_len en ice_vc_fdir_parse_raw() Se corrige el uso del valor no confiable de proto->raw.pkt_len en la funci\u00f3n ice_vc_fdir_parse_raw() verificando que no exceda el valor VIRTCHNL_MAX_SIZE_RAW_PACKET."}], "id": "CVE-2025-22117", "lastModified": "2026-04-02T12:16:18.133", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-16T15:16:05.900", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/1388dd564183a5a18ec4a966748037736b5653c5"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "tags": ["Patch"], "url": "https://git.kernel.org/stable/c/362f704ba73a359db9cded567e891d9a8f081875"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/363377af2c9e874fbba3a199408f8ec7b37906f7"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "kernel: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()", "id": "2360228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2360228"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["In the Linux kernel, the following vulnerability has been resolved:\nice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()\nFix using the untrusted value of proto->raw.pkt_len in function\nice_vc_fdir_parse_raw() by verifying if it does not exceed the\nVIRTCHNL_MAX_SIZE_RAW_PACKET value."], "name": "CVE-2025-22117", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-04-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-22117\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-22117\nhttps://lore.kernel.org/linux-cve-announce/2025041626-CVE-2025-22117-2d76@gregkh/T"], "threat_severity": "Low"}

{"analysis": {"en": {"generated_at": "2026-04-28T11:32:49.496393+00:00", "value": {"mitigation_remediation": ["Upgrade the Linux kernel to a release that contains the patch adding the pkt_len bounds check.", "Reboot the system or reload the ice module to ensure the updated driver is active.", "Apply network-layer filtering or ACLs to limit or block unexpected raw packets on the affected NIC until the patch is applied."], "summary": {"action": "Apply Patch", "impact": "Denial of Service (possible memory corruption)"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Linux operating system, specifically the ice network driver integrated into the kernel. Vendor information lists the kernel as \"Linux\". No specific kernel version range is provided in the data, so any release containing the ice driver prior to the fix may be at risk. Users should verify if their deployed kernel includes the patch that performs the length check.", "description_and_impact": "In the Linux kernel ice driver, a flaw allowed the raw packet length (pkt_len) to be used without verifying it was within the allowed maximum. This omission could lead to a buffer overrun when processing a forged packet, potentially corrupting memory or causing a kernel crash. The issue was identified and fixed by adding a bounds check against VIRTCHNL_MAX_SIZE_RAW_PACKET, addressing the improper input validation identified as CWE\u201120. While the CVSS score of 5.5 classifies the vulnerability as moderate, the impacted behavior is consistent with a denial\u2011of\u2011service scenario.", "risk_and_exploitability": "The CVSS score indicates a moderate risk, and the EPSS score of less than 1% suggests a low probability of current exploitation. The advisory notes that the vulnerability is not in the CISA KEV catalog. The likely attack vector is locally via a crafted packet sent to the NIC; while the description does not confirm remote code execution, the improper validation could lead to crashes, so comprehensive monitoring of the interface is advised until the patch is applied."}}}}, "created": "2026-04-28T11:45:30.243174+00:00", "updated": "2026-04-28T11:45:30.243193+00:00", "vendors": []}