crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
Summary
| CVE | CVE-2025-68724 |
|---|---|
| State | PUBLISHED |
| Assigner | Linux |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2025-12-24 11:16:01 UTC |
| Updated | 2026-07-14 13:17:59 UTC |
| Description | In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_key_id structure and return ERR_PTR(-EOVERFLOW) accordingly. This prevents a possible buffer overflow when copying data from potentially malicious X.509 certificate fields that can be arbitrarily large, such as ASN.1 INTEGER serial numbers, issuer names, etc. |
Risk And Classification
EPSS: 0.001540000 probability, percentile 0.049670000 (date 2026-07-14)
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Linux | Linux | affected 7901c1a8effbe5f89673bfc09d6e37b8f334f1a7 60a7be5ee74408147e439164ac067e418ca74bb4 git | Not specified |
| CNA | Linux | Linux | affected 7901c1a8effbe5f89673bfc09d6e37b8f334f1a7 c13c6e9de91d7f1dd7df756b1fa5a1f968839d76 git | Not specified |
| CNA | Linux | Linux | affected 7901c1a8effbe5f89673bfc09d6e37b8f334f1a7 dfc1613961828745165aec6552c3818fa14ab725 git | Not specified |
| CNA | Linux | Linux | affected 7901c1a8effbe5f89673bfc09d6e37b8f334f1a7 5b8ac617c8dab5cad3c4dc8d84d0987808a0f99c git | Not specified |
| CNA | Linux | Linux | affected 7901c1a8effbe5f89673bfc09d6e37b8f334f1a7 c73be4f51eed98fa0c7c189db8f279e1c86bfbf7 git | Not specified |
| CNA | Linux | Linux | affected 7901c1a8effbe5f89673bfc09d6e37b8f334f1a7 6af753ac5205115e6c310c8c4236c01b59a1c44f git | Not specified |
| CNA | Linux | Linux | affected 7901c1a8effbe5f89673bfc09d6e37b8f334f1a7 b7090a5c153105b9fd221a5a81459ee8cd5babd6 git | Not specified |
| CNA | Linux | Linux | affected 7901c1a8effbe5f89673bfc09d6e37b8f334f1a7 df0845cf447ae1556c3440b8b155de0926cbaa56 git | Not specified |
| CNA | Linux | Linux | affected 3.18 | Not specified |
| CNA | Linux | Linux | unaffected 3.18 semver | Not specified |
| CNA | Linux | Linux | unaffected 5.10.248 5.10.* semver | Not specified |
| CNA | Linux | Linux | unaffected 5.15.198 5.15.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.1.160 6.1.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.6.120 6.6.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.12.63 6.12.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.17.13 6.17.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.18.2 6.18.* semver | Not specified |
| CNA | Linux | Linux | unaffected 6.19 * original_commit_for_fix | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.6 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.6 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.6 * custom | Not specified |
| ADP | Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP | affected V3.1.6 * custom | Not specified |
| ADP | Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP | affected V3.1.6 * custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.kernel.org/stable/c/dfc1613961828745165aec6552c3818fa14ab725 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/b7090a5c153105b9fd221a5a81459ee8cd5babd6 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| cert-portal.siemens.com/productcert/html/ssa-019113.html | 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e | cert-portal.siemens.com | |
| git.kernel.org/stable/c/df0845cf447ae1556c3440b8b155de0926cbaa56 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/60a7be5ee74408147e439164ac067e418ca74bb4 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/c73be4f51eed98fa0c7c189db8f279e1c86bfbf7 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/c13c6e9de91d7f1dd7df756b1fa5a1f968839d76 | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/6af753ac5205115e6c310c8c4236c01b59a1c44f | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| git.kernel.org/stable/c/5b8ac617c8dab5cad3c4dc8d84d0987808a0f99c | 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | git.kernel.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.