Integer Overflow in Linux Kernel's MTD Character Driver Exposes Systems
CVE-2025-68237

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 16 December 2025

What is CVE-2025-68237?

The Linux kernel's MTD character driver is exposed to an integer overflow because it does not safely handle the user-provided 'req.start' and 'req.len' values. 'req.len' is capped at U32_MAX, but 'req.start' can be as large as U64_MAX, so adding the two can overflow. The flaw can lead to unexpected behavior or to exploitation of the system. It has been addressed by using the check_add_overflow() function to catch the overflow.
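The overflow described above can be reproduced in user space. The following is an added example, not the kernel's code or the upstream patch: the struct, the function names and the device-size bound are assumptions, and the GCC/Clang builtin `__builtin_add_overflow` stands in for the kernel's check_add_overflow().

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical user-space model of a range request. The field names follow
 * the advisory's req.start / req.len; everything else is assumed. */
struct range_req {
    uint64_t start; /* user-controlled, may be as large as UINT64_MAX */
    uint64_t len;   /* user-controlled, capped at UINT32_MAX */
};

/* Weak form: start + len is computed modulo 2^64, so a huge start plus a
 * small len wraps to a small value and passes the bounds test. */
static bool range_ok_naive(const struct range_req *r, uint64_t dev_size)
{
    return r->start + r->len <= dev_size;
}

/* Hardened form: refuse the request when the addition itself overflows,
 * then apply the (assumed) device-size bound to the exact sum. */
static bool range_ok_checked(const struct range_req *r, uint64_t dev_size)
{
    uint64_t end;
    if (r->len > UINT32_MAX)
        return false;
    if (__builtin_add_overflow(r->start, r->len, &end))
        return false;
    return end <= dev_size;
}

int main(void)
{
    const uint64_t dev_size = 128ull << 20; /* constructed: 128 MiB device */
    const struct range_req samples[] = {    /* constructed sample requests */
        { 0, 4096 },                  /* in range */
        { dev_size - 4096, 4096 },    /* last block, in range */
        { dev_size, 1 },              /* one byte past the end */
        { UINT64_MAX - 15, 4096 },    /* sum wraps to 4080 */
        { UINT64_MAX, 1 },            /* sum wraps to 0 */
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("start=%#llx len=%llu naive=%d checked=%d\n",
               (unsigned long long)samples[i].start,
               (unsigned long long)samples[i].len,
               range_ok_naive(&samples[i], dev_size),
               range_ok_checked(&samples[i], dev_size));
    return 0;
}
```

The two checks agree on every request except the last two, where the wrapped sum passes the naive test and only the overflow-aware check rejects it.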

Affected Version(s)

Linux 6420ac0af95dbcb2fd8452e2d551ab50e1bbad83

Linux 6420ac0af95dbcb2fd8452e2d551ab50e1bbad83 < 457376c6fbf0c69326a9bf1f72416225f681192b

Linux 6420ac0af95dbcb2fd8452e2d551ab50e1bbad83

Timeline

  • Vulnerability published

  • Vulnerability Reserved
