Integer Overflow Vulnerability in Linux Kernel's ECDSA Implementation
CVE-2025-37984
What is CVE-2025-37984?
The Linux kernel's ECDSA implementation can suffer an integer overflow because of how it handles key sizes. If an ECDSA implementation's ->key_size() callback returns a very large value, the DIV_ROUND_UP() macro applied to that value can overflow, because DIV_ROUND_UP() adds the divisor minus one to the operand before dividing, and that addition can wrap. The proposed fix replaces DIV_ROUND_UP() with a new macro, DIV_ROUND_UP_POW2(), which divides first and then rounds up, so the key-size calculation cannot wrap. This fix matters for the integrity and security of cryptographic operations in affected versions of the Linux kernel.
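The following is an added example, not code from the kernel or from this advisory. It reproduces the two rounding macros in plain C (their definitions mirror the kernel's forms as I know them) and assumes, as a stand-in for the real ECDSA code path, that the caller converts a key size in bits to bytes by rounding up over 8. It shows how the classic DIV_ROUND_UP() wraps to 0 for a huge key size while DIV_ROUND_UP_POW2() returns the correct count.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Classic DIV_ROUND_UP(): the addition (n + d - 1) can wrap before the division. */
#define DIV_ROUND_UP(n, d) (((n) + (d) - 1) / (d))

/* Overflow-safe form: divide first, then add 1 if any low bits were set.
 * d must be a power of two so that (d - 1) is a valid remainder mask. */
#define DIV_ROUND_UP_POW2(n, d) ((n) / (d) + !!((n) & ((d) - 1)))

/* Bytes needed for a key of key_size_bits bits, computed the vulnerable way.
 * For key sizes near UINT_MAX the wrapped sum is tiny and the result is 0. */
unsigned int key_bytes_unsafe(unsigned int key_size_bits)
{
    return DIV_ROUND_UP(key_size_bits, 8);
}

/* Same computation using the hardened macro; never wraps. */
unsigned int key_bytes_safe(unsigned int key_size_bits)
{
    return DIV_ROUND_UP_POW2(key_size_bits, 8);
}

/* True when the two macros disagree, i.e. when DIV_ROUND_UP() overflowed. */
bool rounding_overflows(unsigned int key_size_bits)
{
    return key_bytes_unsafe(key_size_bits) != key_bytes_safe(key_size_bits);
}

int main(void)
{
    /* Constructed inputs: two real curve sizes (P-256, P-521) and two
     * hostile values a ->key_size() callback could return. */
    unsigned int sizes[] = { 256, 521, UINT_MAX - 6, UINT_MAX };
    size_t i;

    for (i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++) {
        printf("key_size=%u bits: DIV_ROUND_UP=%u DIV_ROUND_UP_POW2=%u%s\n",
               sizes[i], key_bytes_unsafe(sizes[i]), key_bytes_safe(sizes[i]),
               rounding_overflows(sizes[i]) ? "  <-- overflow" : "");
    }
    return 0;
}
```

A zero-length buffer derived from the wrapped result is the condition the hardened macro removes; the safe variant yields the true byte count for every input.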
Affected Version(s)
Linux, from commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 up to (not including) commit 921b8167f10708e38080f84e195cdc68a7a561f1
Linux, from commit 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 onward
Linux 6.14.5 through 6.14.*