CVE-2025-37984

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-37984

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37984.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-37984

Downstream

BELL-CVE-2025-37984

DEBIAN-CVE-2025-37984

DSA-5975-1

ECHO-eb1b-9bcd-7928

OESA-2025-1823

OESA-2025-1824

OESA-2025-1870

SUSE-SU-2025:02853-1

SUSE-SU-2025:02923-1

SUSE-SU-2025:02969-1

SUSE-SU-2025:03023-1

UBUNTU-CVE-2025-37984

USN-7594-1

USN-7594-2

USN-7594-3

Related

Published

2025-05-20T18:15:45Z

Modified

2025-08-30T18:01:35Z

Summary

[none]

Details

In the Linux kernel, the following vulnerability has been resolved:

crypto: ecdsa - Harden against integer overflows in DIVROUNDUP()

Herbert notes that DIVROUNDUP() may overflow unnecessarily if an ecdsa implementation's ->key_size() callback returns an unusually large value. Herbert instead suggests (for a division by 8):

X / 8 + !!(X & 7)

Based on this formula, introduce a generic DIVROUNDUPPOW2() macro and use it in lieu of DIVROUNDUP() for ->keysize() return values.

Additionally, use the macro in eccdigitsfrombytes(), whose "nbytes" parameter is a ->keysize() return value in some instances, or a user-specified ASN.1 length in the case of ecdsagetsignature_rs().

References

Affected packages