CVE-2025-68237

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-68237
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68237.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-68237
Downstream
Related
Published
2025-12-16T14:08:30.940Z
Modified
2026-03-13T03:59:23.411333Z
Summary
mtdchar: fix integer overflow in read/write ioctls
Details

In the Linux kernel, the following vulnerability has been resolved:

mtdchar: fix integer overflow in read/write ioctls

The "req.start" and "req.len" variables are u64 values that come from the user at the start of the function. We mask away the high 32 bits of "req.len" so that's capped at U32MAX but the "req.start" variable can go up to U64MAX which means that the addition can still integer overflow.

Use checkaddoverflow() to fix this bug.

Database specific 
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68237.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
6420ac0af95dbcb2fd8452e2d551ab50e1bbad83
Fixed
f37efdd97fd1ec3e0d0f1eec279c8279e28f981e
Fixed
457376c6fbf0c69326a9bf1f72416225f681192b
Fixed
eb9361484814fb12f3b7544b33835ea67d7a6a97
Fixed
37944f4f8199cd153fef74e95ca268020162f212
Fixed
e4185bed738da755b191aa3f2e16e8b48450e1b8

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68237.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.17.0
Fixed
6.1.159
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.118
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.60
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.17.10

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68237.json"