PT-2025-16695 · Linux+9 · Linux Kernel+9
Published
2025-04-03
·
Updated
2026-04-20
·
CVE-2025-22055
CVSS v2.0
6.2
Medium
| Vector | AV:L/AC:L/Au:S/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Linux kernel (affected versions not specified)
Description
The issue is related to an integer overflow in the
geneve opt length, which can lead to a heap out-of-bounds read. The struct geneve opt uses a 5-bit length for each single option, meaning every variable size option should be smaller than 128 bytes. However, current Netlink policies cannot guarantee this length condition, allowing an attacker to exploit a precisely 128-byte size option to fake a zero-length option and confuse the parsing logic. This can result in a heap out-of-bounds read.Recommendations
To resolve the issue, enforce the correct length condition in related policies. As a temporary workaround, consider restricting access to the vulnerable
geneve opt module to minimize the risk of exploitation.Exploit
Fix
DoS
Out of bounds Read
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Almalinux
Astra Linux
Debian
Linuxmint
Linux Kernel
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu