CVE-2025-68763

Summary

In the Linux kernel, the following vulnerability has been resolved:

crypto: starfive - Correctly handle return of sg_nents_for_len

The return value of sg_nents_for_len was assigned to an unsigned long in starfive_hash_digest, causing negative error codes to be converted to large positive integers.

Add error checking for sg_nents_for_len and return immediately on failure to prevent potential buffer overflows.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7883d1b28a2b0e62edcacea22de6b36a1918b15a < 6cd14414394b4f3d6e1ed64b8241d1fcc2271820affected
LinuxLinux7883d1b28a2b0e62edcacea22de6b36a1918b15a < 0c3854d65cc4402cb8c52d4d773450a06efecab6affected
LinuxLinux7883d1b28a2b0e62edcacea22de6b36a1918b15a < 1af5c973dd744e29fa22121f43e8646b7a7a71a7affected
LinuxLinux7883d1b28a2b0e62edcacea22de6b36a1918b15a < 9b3f71cf02e04cfaa482155e3078707fe7f8aef4affected
LinuxLinux7883d1b28a2b0e62edcacea22de6b36a1918b15a < e9eb52037a529fbb307c290e9951a62dd728b03daffected
LinuxLinux6.5affected
LinuxLinux0 < 6.5unaffected
LinuxLinux6.6.120 <= 6.6.*unaffected
LinuxLinux6.12.63 <= 6.12.*unaffected
LinuxLinux6.17.13 <= 6.17.*unaffected
LinuxLinux6.18.2 <= 6.18.*unaffected
LinuxLinux6.19 <= *unaffected

Weaknesses

References