CVE-2025-68724
Integer Overflow in Linux Kernel Asymmetric Keys Causes Buffer Overflow
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer overflow issue in the Linux kernel's asymmetric_keys component. It occurs when adding lengths of binary blobs and the size of an asymmetric_key_id structure without proper overflow checks. This can lead to a buffer overflow when copying data from potentially malicious X.509 certificate fields that may be arbitrarily large, such as ASN.1 INTEGER serial numbers or issuer names. The fix involves using check_add_overflow() to prevent this overflow and return an error if it occurs.
How can this vulnerability impact me? :
This vulnerability can lead to a buffer overflow in the Linux kernel when processing certain X.509 certificate fields. Exploiting this could allow an attacker to cause memory corruption, potentially leading to system crashes, denial of service, or even arbitrary code execution with kernel privileges.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to a Linux kernel version that includes the fix for this vulnerability, which prevents integer overflow in asymmetric_key_generate_id by using check_add_overflow(). This will prevent possible buffer overflows when processing potentially malicious X.509 certificate fields.