#VU120119 Integer overflow in Linux kernel - CVE-2025-68237
Published: December 16, 2025
Vulnerability identifier: #VU120119
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-68237
CWE-ID: CWE-190
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Software vendor:
Linux Foundation
Description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to an integer overflow within the mtdchar_write_ioctl() and mtdchar_read_ioctl() functions in drivers/mtd/mtdchar.c. A local user can trigger it to execute arbitrary code.
Remediation
Install the update from the vendor's repository.
External links
- https://git.kernel.org/stable/c/37944f4f8199cd153fef74e95ca268020162f212
- https://git.kernel.org/stable/c/457376c6fbf0c69326a9bf1f72416225f681192b
- https://git.kernel.org/stable/c/e4185bed738da755b191aa3f2e16e8b48450e1b8
- https://git.kernel.org/stable/c/eb9361484814fb12f3b7544b33835ea67d7a6a97
- https://git.kernel.org/stable/c/f37efdd97fd1ec3e0d0f1eec279c8279e28f981e