CVE-2025-37984
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-37984
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37984.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-37984
- Downstream
- Related
- Published
- 2025-05-20T17:09:18Z
- Modified
- 2025-10-10T11:26:19.814196Z
- Summary
- crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
crypto: ecdsa - Harden against integer overflows in DIVROUNDUP()
Herbert notes that DIVROUNDUP() may overflow unnecessarily if an ecdsa implementation's ->key_size() callback returns an unusually large value. Herbert instead suggests (for a division by 8):
X / 8 + !!(X & 7)
Based on this formula, introduce a generic DIVROUNDUPPOW2() macro and use it in lieu of DIVROUNDUP() for ->keysize() return values.
Additionally, use the macro in eccdigitsfrombytes(), whose "nbytes" parameter is a ->keysize() return value in some instances, or a user-specified ASN.1 length in the case of ecdsagetsignature_rs().
- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/921b8167f10708e38080f84e195cdc68a7a561f1
- https://git.kernel.org/stable/c/b16510a530d1e6ab9683f04f8fb34f2e0f538275
- https://git.kernel.org/stable/c/f02f0218be412cff1c844addf58e002071be298b
- https://git.kernel.org/stable/c/f2133b849ff273abddb6da622daddd8f6f6fa448
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced55779f26eab9af12474a447001bd17070f055712Fixedf02f0218be412cff1c844addf58e002071be298b
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc6ab5c915da460c0397960af3c308386c3f3247bFixedf2133b849ff273abddb6da622daddd8f6f6fa448
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc6ab5c915da460c0397960af3c308386c3f3247bFixed921b8167f10708e38080f84e195cdc68a7a561f1
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introducedc6ab5c915da460c0397960af3c308386c3f3247bFixedb16510a530d1e6ab9683f04f8fb34f2e0f538275
Affected versions
v6.*
v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.4
v6.12.5
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.14.1
v6.14.2
v6.14.3
v6.14.4
v6.6.70
v6.6.71
v6.6.72
v6.6.73
v6.6.74
v6.6.75
v6.6.76
v6.6.77
v6.6.78
v6.6.79
v6.6.80
v6.6.81
v6.6.82
v6.6.83
v6.6.84
v6.6.85
v6.6.86
v6.6.87
v6.6.88
v6.6.89
v6.6.90
v6.6.91
v6.6.92
v6.6.93
v6.6.94
v6.6.95
v6.6.96
v6.6.97
v6.6.98
v6.9
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7