CVE-2025-37984

MEDIUM

Linux Kernel - Integer Overflow in ECDSA Key Size Calculation

Title source: llm

Description

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa implementation's ->key_size() callback returns an unusually large value. Herbert instead suggests (for a division by 8): X / 8 + !!(X & 7) Based on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and use it in lieu of DIV_ROUND_UP() for ->key_size() return values. Additionally, use the macro in ecc_digits_from_bytes(), whose "nbytes" parameter is a ->key_size() return value in some instances, or a user-specified ASN.1 length in the case of ecdsa_get_signature_rs().

References (4)

Core 4

Core References

Patch

https://git.kernel.org/stable/c/f02f0218be412cff1c844addf58e002071be298b

Patch

https://git.kernel.org/stable/c/f2133b849ff273abddb6da622daddd8f6f6fa448

Patch

https://git.kernel.org/stable/c/921b8167f10708e38080f84e195cdc68a7a561f1

Patch

https://git.kernel.org/stable/c/b16510a530d1e6ab9683f04f8fb34f2e0f538275

Scores

CVSS v3 5.5

EPSS 0.0015

EPSS Percentile 4.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-190

Status published

Products (15)

linux/Kernel < 6.6.99linux

linux/Kernel 6.10.0 - 6.14.5linux

linux/Kernel 6.7.0 - 6.12.39linux

Linux/Linux < 6.10

Linux/Linux 55779f26eab9af12474a447001bd17070f055712 - f02f0218be412cff1c844addf58e002071be298b

Linux/Linux 6.10

Linux/Linux 6.12.39 - 6.12.*

Linux/Linux 6.14.5 - 6.14.*

Linux/Linux 6.15

Linux/Linux 6.6.70 - 6.6.99

... and 5 more

Published May 20, 2025

Tracked Since Feb 18, 2026