CVE-2025-68724
Unknown Unknown - Not Provided
Integer Overflow in Linux Kernel Asymmetric Keys Causes Buffer Overflow

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_key_id structure and return ERR_PTR(-EOVERFLOW) accordingly. This prevents a possible buffer overflow when copying data from potentially malicious X.509 certificate fields that can be arbitrarily large, such as ASN.1 INTEGER serial numbers, issuer names, etc.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-14
NVD
CVE-2025-68724
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an integer overflow issue in the Linux kernel's asymmetric_keys component. It occurs when adding lengths of binary blobs and the size of an asymmetric_key_id structure without proper overflow checks. This can lead to a buffer overflow when copying data from potentially malicious X.509 certificate fields that may be arbitrarily large, such as ASN.1 INTEGER serial numbers or issuer names. The fix involves using check_add_overflow() to prevent this overflow and return an error if it occurs.

Impact Analysis

This vulnerability can lead to a buffer overflow in the Linux kernel when processing certain X.509 certificate fields. Exploiting this could allow an attacker to cause memory corruption, potentially leading to system crashes, denial of service, or even arbitrary code execution with kernel privileges.

Mitigation Strategies

Apply the patch or update to a Linux kernel version that includes the fix for this vulnerability, which prevents integer overflow in asymmetric_key_generate_id by using check_add_overflow(). This will prevent possible buffer overflows when processing potentially malicious X.509 certificate fields.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-68724. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart