Description
In the Linux kernel, the following vulnerability has been resolved:

ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()

Fix using the untrusted value of proto->raw.pkt_len in function
ice_vc_fdir_parse_raw() by verifying if it does not exceed the
VIRTCHNL_MAX_SIZE_RAW_PACKET value.
Published: 2025-04-16
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (possible memory corruption)
Action: Apply Patch
AI Analysis

Impact

In the Linux kernel ice driver, a flaw allowed the raw packet length (pkt_len) to be used without verifying that it was within the allowed maximum. This omission could lead to a buffer overrun when processing a forged packet, potentially corrupting memory or causing a kernel crash. The issue was fixed by adding a bounds check against VIRTCHNL_MAX_SIZE_RAW_PACKET, addressing the improper input validation classified as CWE‑20. While the CVSS score of 5.5 classifies the vulnerability as moderate, the impacted behavior is consistent with a denial‑of‑service scenario.

Affected Systems

The vulnerability affects the Linux operating system, specifically the ice network driver integrated into the kernel. Vendor information lists the kernel as "Linux". No specific kernel version range is provided in the data, so any release containing the ice driver prior to the fix may be at risk. Users should verify if their deployed kernel includes the patch that performs the length check.

Risk and Exploitability

The CVSS score indicates a moderate risk, and the EPSS score of less than 1% suggests a low probability of current exploitation. The vulnerability is not in the CISA KEV catalog. The likely attack vector is local, via a crafted packet sent to the NIC. The description does not confirm remote code execution, but the improper validation could lead to crashes, so comprehensive monitoring of the interface is advised until the patch is applied.

Generated by OpenCVE AI on April 28, 2026 at 11:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a release that contains the patch adding the pkt_len bounds check.
  • Reboot the system or reload the ice module to ensure the updated driver is active.
  • Apply network-layer filtering or ACLs to limit or block unexpected raw packets on the affected NIC until the patch is applied.

Advisories
Source | ID | Title
Debian DSA | DSA-6238-1 | linux security update
EUVD | EUVD-2025-11188 | In the Linux kernel, the following vulnerability has been resolved: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() Fix using the untrusted value of proto->raw.pkt_len in function ice_vc_fdir_parse_raw() by verifying if it does not exceed the VIRTCHNL_MAX_SIZE_RAW_PACKET value.
Ubuntu USN | USN-7594-1 | Linux kernel vulnerabilities
Ubuntu USN | USN-7594-2 | Linux kernel (Azure) vulnerabilities
Ubuntu USN | USN-7594-3 | Linux kernel vulnerabilities

History

Thu, 02 Apr 2026 11:45:00 +0000


Mon, 03 Nov 2025 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Linux
Linux linux Kernel
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Tue, 27 May 2025 03:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-20
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low


Sat, 19 Apr 2025 02:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Wed, 16 Apr 2025 14:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() Fix using the untrusted value of proto->raw.pkt_len in function ice_vc_fdir_parse_raw() by verifying if it does not exceed the VIRTCHNL_MAX_SIZE_RAW_PACKET value.
Title ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw()
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T21:13:17.940Z

Reserved: 2024-12-29T08:45:45.823Z

Link: CVE-2025-22117

Vulnrichment

No data.

NVD

Status: Modified

Published: 2025-04-16T15:16:05.900

Modified: 2026-04-02T12:16:18.133

Link: CVE-2025-22117

Redhat

Severity: Low

Public Date: 2025-04-16T00:00:00Z

Links: CVE-2025-22117 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-28T11:45:30Z

Weaknesses