CVE-2025-68237
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an integer overflow issue in the Linux kernel's mtdchar driver related to read/write ioctl operations. Specifically, the variables 'req.start' and 'req.len' are 64-bit unsigned integers provided by the user. While 'req.len' is capped at a 32-bit maximum by masking its high bits, 'req.start' can still be as large as the maximum 64-bit value. When adding these two values, an integer overflow can occur, potentially leading to incorrect behavior. The fix involves using a function called check_add_overflow() to properly detect and prevent this overflow.
How can this vulnerability impact me?
An integer overflow in kernel code can lead to unexpected behavior such as memory corruption, crashes, or security issues like privilege escalation or arbitrary code execution. Since this vulnerability occurs in the Linux kernel's mtdchar driver during read/write ioctl operations, it could potentially be exploited by a local user to cause system instability or escalate privileges.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch or update to the fixed Linux kernel version that includes the fix for the integer overflow in mtdchar read/write ioctls. Specifically, ensure your kernel uses check_add_overflow() to prevent the integer overflow issue.
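The wrap-around described in the first answer, and the overflow-checked addition named in the mitigation, shown as an added user-space example (not the kernel's code). The struct, function names, device size and sample requests are assumptions made for illustration, and `__builtin_add_overflow()` (GCC/Clang) stands in for the kernel's `check_add_overflow()`.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the request: only start and len (both u64,
 * user-controlled) come from the description above. */
struct rw_req {
    uint64_t start;
    uint64_t len;
};

/* Unchecked form: start + len is computed modulo 2^64, so a start near
 * UINT64_MAX wraps the sum to a small value and the bounds test passes. */
static bool range_ok_naive(const struct rw_req *req, uint64_t dev_size)
{
    uint64_t len = req->len & 0xffffffffULL;   /* len capped to 32 bits */
    return req->start + len <= dev_size;
}

/* Checked form: the addition reports overflow instead of wrapping.
 * __builtin_add_overflow() is a user-space stand-in (assumption) for
 * the kernel's check_add_overflow(). */
static bool range_ok_checked(const struct rw_req *req, uint64_t dev_size)
{
    uint64_t len = req->len & 0xffffffffULL;
    uint64_t end;

    if (__builtin_add_overflow(req->start, len, &end))
        return false;                          /* sum wrapped: reject */
    return end <= dev_size;
}

int main(void)
{
    const uint64_t dev_size = 1u << 20;        /* constructed: 1 MiB device */
    const struct rw_req samples[] = {          /* constructed sample requests */
        { 0, 4096 },                           /* in range */
        { (1u << 20) - 4096, 4096 },           /* ends exactly at device end */
        { 1u << 20, 1 },                       /* one byte past the end */
        { UINT64_MAX, 0x1000 },                /* sum wraps to 0xfff */
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("start=%#llx len=%#llx naive=%d checked=%d\n",
               (unsigned long long)samples[i].start,
               (unsigned long long)samples[i].len,
               range_ok_naive(&samples[i], dev_size),
               range_ok_checked(&samples[i], dev_size));
    return 0;
}
```

Only the last sample separates the two functions: the unchecked sum wraps and is accepted, while the checked addition rejects it.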