Description

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa implementation's ->key_size() callback returns an unusually large value. Herbert instead suggests (for a division by 8): X / 8 + !!(X & 7) Based on this formula, introduce a generic DIV_ROUND_UP_POW2() macro and use it in lieu of DIV_ROUND_UP() for ->key_size() return values. Additionally, use the macro in ecc_digits_from_bytes(), whose "nbytes" parameter is a ->key_size() return value in some instances, or a user-specified ASN.1 length in the case of ecdsa_get_signature_rs().

INFO

Published Date :

2025-05-20T17:09:18.321Z

Last Modified :

2025-07-25T13:44:56.640Z

Source :

Linux
AFFECTED PRODUCTS

The following products are affected by CVE-2025-37984 vulnerability.

Vendors Products
Linux
  • Linux Kernel
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-37984.

URL Resource
https://git.kernel.org/stable/c/921b8167f10708e38080f84e195cdc68a7a561f1 cve-icon cve-icon
https://git.kernel.org/stable/c/b16510a530d1e6ab9683f04f8fb34f2e0f538275 cve-icon cve-icon
https://git.kernel.org/stable/c/f02f0218be412cff1c844addf58e002071be298b cve-icon cve-icon
https://git.kernel.org/stable/c/f2133b849ff273abddb6da622daddd8f6f6fa448 cve-icon cve-icon
https://lore.kernel.org/linux-cve-announce/2025052037-CVE-2025-37984-be4c@gregkh/T cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-37984 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-37984 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact