Description
In the Linux kernel, the following vulnerability has been resolved:
crypto: starfive - Correctly handle return of sg_nents_for_len
The return value of sg_nents_for_len was assigned to an unsigned long
in starfive_hash_digest, causing negative error codes to be converted
to large positive integers.
Add error checking for sg_nents_for_len and return immediately on
failure to prevent potential buffer overflows.
crypto: starfive - Correctly handle return of sg_nents_for_len
The return value of sg_nents_for_len was assigned to an unsigned long
in starfive_hash_digest, causing negative error codes to be converted
to large positive integers.
Add error checking for sg_nents_for_len and return immediately on
failure to prevent potential buffer overflows.
Published:
2026-01-05
Score:
n/a
EPSS:
< 1% Very Low
KEV:
No
Impact:
n/a
Action:
n/a
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux | unaffected |
|
||||||||||||||||||||||||
| Linux | Linux | affected |
|
No data.
No data.
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Ubuntu USN |
USN-8094-1 | Linux kernel vulnerabilities |
| Ubuntu USN |
USN-8094-2 | Linux kernel vulnerabilities |
| Ubuntu USN |
USN-8094-3 | Linux kernel (Real-time) vulnerabilities |
| Ubuntu USN |
USN-8094-4 | Linux kernel (Azure) vulnerabilities |
| Ubuntu USN |
USN-8094-5 | Linux kernel (Raspberry Pi) vulnerabilities |
| Ubuntu USN |
USN-8152-1 | Linux kernel (OEM) vulnerabilities |
References
History
Sun, 11 Jan 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Mon, 05 Jan 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
|
Mon, 05 Jan 2026 10:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | In the Linux kernel, the following vulnerability has been resolved: crypto: starfive - Correctly handle return of sg_nents_for_len The return value of sg_nents_for_len was assigned to an unsigned long in starfive_hash_digest, causing negative error codes to be converted to large positive integers. Add error checking for sg_nents_for_len and return immediately on failure to prevent potential buffer overflows. | |
| Title | crypto: starfive - Correctly handle return of sg_nents_for_len | |
| First Time appeared |
Linux
Linux linux Kernel |
|
| CPEs | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Linux
Linux linux Kernel |
|
| References |
|
MITRE
Status: PUBLISHED
Assigner: Linux
Published:
Updated: 2026-02-09T08:33:07.993Z
Reserved: 2025-12-24T10:30:51.034Z
Link: CVE-2025-68763
Vulnrichment
No data.
NVD
Status : Awaiting Analysis
Published: 2026-01-05T10:15:57.467
Modified: 2026-01-11T17:15:58.633
Link: CVE-2025-68763
Redhat
OpenCVE Enrichment
No data.
Weaknesses
No weakness.