CVE-2025-22044

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> acpi: nfit: fix narrowing conversion in acpi_nfit_ctl<br /> <br /> Syzkaller has reported a warning in to_nfit_bus_uuid(): "only secondary<br /> bus families can be translated". This warning is emited if the argument<br /> is equal to NVDIMM_BUS_FAMILY_NFIT == 0. Function acpi_nfit_ctl() first<br /> verifies that a user-provided value call_pkg-&gt;nd_family of type u64 is<br /> not equal to 0. Then the value is converted to int, and only after that<br /> is compared to NVDIMM_BUS_FAMILY_MAX. This can lead to passing an invalid<br /> argument to acpi_nfit_ctl(), if call_pkg-&gt;nd_family is non-zero, while<br /> the lower 32 bits are zero.<br /> <br /> Furthermore, it is best to return EINVAL immediately upon seeing the<br /> invalid user input. The WARNING is insufficient to prevent further<br /> undefined behavior based on other invalid user input.<br /> <br /> All checks of the input value should be applied to the original variable<br /> call_pkg-&gt;nd_family.<br /> <br /> [iweiny: update commit message]