SB20251216163 - Integer overflow in Linux kernel mtd driver
Published: December 16, 2025
Description
This security bulletin contains information about 1 security vulnerability.
1) Integer overflow (CVE-ID: CVE-2025-68237)
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the mtdchar_write_ioctl() and mtdchar_read_ioctl() functions in drivers/mtd/mtdchar.c.
Remediation
Install the update from the vendor's website.
References
- https://git.kernel.org/stable/c/37944f4f8199cd153fef74e95ca268020162f212
- https://git.kernel.org/stable/c/457376c6fbf0c69326a9bf1f72416225f681192b
- https://git.kernel.org/stable/c/e4185bed738da755b191aa3f2e16e8b48450e1b8
- https://git.kernel.org/stable/c/eb9361484814fb12f3b7544b33835ea67d7a6a97
- https://git.kernel.org/stable/c/f37efdd97fd1ec3e0d0f1eec279c8279e28f981e