CVE-2025-22044: In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Syzkaller has reported a w...

Description

In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Syzkaller has reported a warning in to_nfit_bus_uuid(): "only secondary bus families can be translated". This warning is emited if the argument is equal to NVDIMM_BUS_FAMILY_NFIT == 0. Function acpi_nfit_ctl() first verifies that a user-provided value call_pkg->nd_family of type u64 is not equal to 0. Then the value is converted to int, and only after that is compared to NVDIMM_BUS_FAMILY_MAX. This can lead to passing an invalid argument to acpi_nfit_ctl(), if call_pkg->nd_family is non-zero, while the lower 32 bits are zero. Furthermore, it is best to return EINVAL immediately upon seeing the invalid user input. The WARNING is insufficient to prevent further undefined behavior based on other invalid user input. All checks of the input value should be applied to the original variable call_pkg->nd_family. [iweiny: update commit message]

Metrics

CVSS 3.1

5.5/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.18%

7.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-704

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	>= 5.9, < 5.10.236
Linux	Linux Kernel	>= 5.11, < 5.15.180
Linux	Linux Kernel	>= 5.16, < 6.1.134
Linux	Linux Kernel	>= 6.2, < 6.6.87
Linux	Linux Kernel	>= 6.7, < 6.12.23
Linux	Linux Kernel	>= 6.13, < 6.13.11
Linux	Linux Kernel	>= 6.14, < 6.14.2

References

Timeline

Published: Apr 16, 2025
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2025-22044?

In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: fix narrowing conversion in acpi_nfit_ctl Syzkaller has reported a warning in to_nfit_bus_uuid(): "only secondary bus families can be translated". This warning is emited if the argument is equal to NVDIMM_BUS_FAMILY_NFIT == 0. Function acpi_nfit_ctl() first verifies that a user-provided value call_pkg->nd_family of type u64 is not equal to 0. Then the value is converted to int, and only after that is compared to NVDIMM_BUS_FAMILY_MAX. This can lead to passing an invalid argument to acpi_nfit_ctl(), if call_pkg->nd_family is non-zero, while the lower 32 bits are zero. Furthermore, it is best to return EINVAL immediately upon seeing the invalid user input. The WARNING is insufficient to prevent further undefined behavior based on other invalid user input. All checks of the input value should be applied to the original variable call_pkg->nd_family. [iweiny: update commit message]

How severe is CVE-2025-22044?

CVE-2025-22044 has a CVSS score of 5.5/10 (MEDIUM severity). The EPSS model estimates a 0.18% probability of exploitation in the next 30 days.

How do I fix CVE-2025-22044?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.