DEBIAN-CVE-2025-68237

DEBIAN-CVE-2025-68237 PUBLISHED CVSS 9.3 CRITICAL

In the Linux kernel, the following vulnerability has been resolved:

mtdchar: fix integer overflow in read/write ioctls

The "req.start" and "req.len" variables are u64 values that come from the user at the start of the function. We mask away the high 32 bits of "req.len" so that's capped at U32_MAX but the "req.start" variable can go up to U64_MAX which means that the addition can still integer overflow.

Use check_add_overflow() to fix this bug.
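The wrap described above, as an added user-space example; it is not the kernel's code. The `req_model` struct, the function names and the bounds test against a device size are assumptions made for illustration, and `__builtin_add_overflow` is the GCC/Clang builtin that the kernel's `check_add_overflow()` is built on.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the ioctl request: only the two fields
 * named in the description are modelled. */
struct req_model {
    uint64_t start;
    uint64_t len;
};

/* Pre-fix pattern: len is capped at U32_MAX by masking, but start + len
 * can still wrap past U64_MAX, so a huge start passes the bounds test. */
static bool range_ok_unchecked(struct req_model r, uint64_t dev_size)
{
    r.len &= 0xffffffffu;
    return r.start + r.len <= dev_size;
}

/* Fixed pattern: detect the wrap before comparing against the size. */
static bool range_ok_checked(struct req_model r, uint64_t dev_size)
{
    uint64_t end;

    r.len &= 0xffffffffu;
    if (__builtin_add_overflow(r.start, r.len, &end))
        return false;               /* sum does not fit in 64 bits */
    return end <= dev_size;
}

int main(void)
{
    const uint64_t dev_size = 0x8000000;    /* constructed: 128 MiB device */
    const struct req_model samples[] = {    /* constructed requests */
        { 0x1000, 0x200 },                  /* in range */
        { 0x8000000, 0x1 },                 /* one byte past the end */
        { UINT64_MAX - 0xff, 0x200 },       /* sum wraps around to 0x100 */
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("start=%#llx len=%#llx unchecked=%d checked=%d\n",
               (unsigned long long)samples[i].start,
               (unsigned long long)samples[i].len,
               range_ok_unchecked(samples[i], dev_size),
               range_ok_checked(samples[i], dev_size));
    return 0;
}
```

Only the third request separates the two checks: the unchecked sum wraps to a small value and is accepted, while the checked version rejects it.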

Risk Scores

CVSS 4.0
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | linux | 0, 6.1.147-1, 6.1.124-1 |
| Debian:13 | linux | 6.12.43-1, 0, 6.12.38-1 |
| Debian:11 | linux-6.1 | 0, 6.1.106-3~deb11u1, 6.1.106-3~deb11u2 |
| Debian:14 | linux | 6.13.4-1, 6.13.3-1, 6.13.2-1 |

Exploit Intelligence

Timeline

  • Dec 16, 2025 CVE Published
  • Apr 28, 2026 CVE Updated