CVE-2025-68724
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_key_id structure and return ERR_PTR(-EOVERFLOW) accordingly. This prevents a possible buffer overflow when copying data from potentially malicious X.509 certificate fields that can be arbitrarily large, such as ASN.1 INTEGER serial numbers, issuer names, etc.
Affected versions
Linux kernel versions
3.18
and later are affected. Fixed in
5.10.248,
5.15.198,
6.1.160,
6.6.120,
6.12.63,
6.17.13,
6.18.2,
6.19
and their respective stable series.
References
The following references provide additional information about CVE-2025-68724 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.
-
PatchKernel patch commithttps://git.kernel.org/stable/c/5b8ac617c8dab5cad3c4dc8d84d0987808a0f99c
-
PatchKernel patch commithttps://git.kernel.org/stable/c/60a7be5ee74408147e439164ac067e418ca74bb4
-
PatchKernel patch commithttps://git.kernel.org/stable/c/6af753ac5205115e6c310c8c4236c01b59a1c44f
Frequently asked questions
-
What is CVE-2025-68724?
CVE-2025-68724 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 3.18 onward and has been patched in 5.10.248, 5.15.198, 6.1.160 and others. CVE-2025-68724 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
-
Is there a patch available for CVE-2025-68724?
Yes — CVE-2025-68724 has been patched. Fixed versions include 5.10.248, 5.15.198, 6.1.160 and others. If you are running Linux kernel 3.18 or later up to the fix versions, apply the relevant patch for your kernel branch.
-
Is CVE-2025-68724 actively exploited?
No — CVE-2025-68724 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.