PT-2025-22267 · Linux+5 · Linux Kernel+5

Herbert · Published 2025-02-09 · Updated 2026-05-26 · CVE-2025-37984

CVSS v2.0: 5.7 (Medium)

Vector: AV:L/AC:H/Au:S/C:P/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

A vulnerability in the Linux kernel has been resolved, specifically in the crypto: ecdsa component. The issue arises from potential integer overflows in the DIV_ROUND_UP() macro, which can occur if an ecdsa implementation's ->key_size() callback returns an unusually large value. To address this, a new macro called DIV_ROUND_UP_POW2() has been introduced to replace DIV_ROUND_UP() for ->key_size() return values, providing a more robust calculation method. This macro is also used in the ecc_digits_from_bytes() function, where the "nbytes" parameter can be a ->key_size() return value or a user-specified ASN.1 length.

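
The wrap-around described above, as an added example that is not taken from the kernel source: the macro bodies are written to match the description, and DIGIT_BYTES, MAX_DIGITS, the helper names and the length check are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Rounding division: the (n + d - 1) addition wraps when n is near the type maximum. */
#define DIV_ROUND_UP(n, d)      (((n) + (d) - 1) / (d))
/* Form for power-of-two divisors: divide first, then add 1 if any low bits remain. */
#define DIV_ROUND_UP_POW2(n, d) ((n) / (d) + !!((n) & ((d) - 1)))

#define DIGIT_BYTES 8u   /* assumption: one ECC digit is a 64-bit word */
#define MAX_DIGITS  9u   /* assumption: enough digits for a 521-bit curve */

/* Hypothetical helpers (not kernel functions): byte length -> number of digits. */
uint32_t ndigits_unsafe(uint32_t nbytes) { return DIV_ROUND_UP(nbytes, DIGIT_BYTES); }
uint32_t ndigits_safe(uint32_t nbytes)   { return DIV_ROUND_UP_POW2(nbytes, DIGIT_BYTES); }

/* Hypothetical length check that trusts the computed digit count. */
int length_ok_unsafe(uint32_t nbytes) { return ndigits_unsafe(nbytes) <= MAX_DIGITS; }
int length_ok_safe(uint32_t nbytes)   { return ndigits_safe(nbytes) <= MAX_DIGITS; }

int main(void)
{
    /* Constructed sample lengths: three ordinary key sizes, then two near UINT32_MAX. */
    const uint32_t samples[] = { 32u, 48u, 66u, UINT32_MAX - 3u, UINT32_MAX };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t n = samples[i];
        printf("nbytes=%10u  DIV_ROUND_UP=%10u ok=%d  DIV_ROUND_UP_POW2=%10u ok=%d\n",
               (unsigned)n,
               (unsigned)ndigits_unsafe(n), length_ok_unsafe(n),
               (unsigned)ndigits_safe(n), length_ok_safe(n));
    }
    return 0;
}
```

For ordinary lengths both macros agree; for the two oversized lengths the first macro yields a digit count of 0 and passes the check, while the second yields the true count and is rejected.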
Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-15826
CVE-2025-37984
DSA-5975-1
ECHO-EB1B-9BCD-7928
OESA-2025-1823
OESA-2025-1824
OESA-2025-1870
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:02996-1
SUSE-SU-2025:02997-1
SUSE-SU-2025:03011-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:20577-1
SUSE-SU-2025:20586-1
SUSE-SU-2025:20601-1
SUSE-SU-2025:20602-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
SUSE-SU-2025_02996-1
SUSE-SU-2025_02997-1
SUSE-SU-2025_03011-1
SUSE-SU-2025_03023-1
USN-7594-1
USN-7594-2
USN-7594-3
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Debian
Linuxmint
Linux Kernel
Suse
Ubuntu