CVE-2025-68237

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 16/12/2025
Last modified: 16/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

mtdchar: fix integer overflow in read/write ioctls

The "req.start" and "req.len" variables are u64 values that come from the user at the start of the function. We mask away the high 32 bits of "req.len" so that's capped at U32_MAX but the "req.start" variable can go up to U64_MAX which means that the addition can still integer overflow.

Use check_add_overflow() to fix this bug.
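The wraparound described above, shown in user-space C as an added example; it is not the kernel's mtdchar code. The `req_model` struct, the comparison against a device size, and all sample values are assumptions made for illustration, and `__builtin_add_overflow` is the compiler builtin that the kernel's `check_add_overflow()` wraps.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for the user-supplied request; only the two
 * fields named in the description are modelled. */
struct req_model {
    uint64_t start;
    uint64_t len;
};

/* Unchecked form: start + len is computed modulo 2^64, so a start close
 * to U64_MAX wraps the sum to a small value that passes the bounds test.
 * Comparing against dev_size is an assumption of this example. */
static bool range_ok_unchecked(struct req_model r, uint64_t dev_size)
{
    r.len &= 0xffffffffULL;            /* len capped at U32_MAX */
    return r.start + r.len <= dev_size;
}

/* Checked form: the builtin returns true when the sum does not fit in
 * the destination, and the request is rejected before any comparison. */
static bool range_ok_checked(struct req_model r, uint64_t dev_size)
{
    uint64_t end;

    r.len &= 0xffffffffULL;
    if (__builtin_add_overflow(r.start, r.len, &end))
        return false;                  /* wrapped range */
    return end <= dev_size;
}

int main(void)
{
    const uint64_t dev_size = 128ULL << 20;                  /* constructed */
    struct req_model wrap = { UINT64_MAX - 0xfff, 0x2000 };  /* constructed */
    struct req_model good = { 0x1000, 0x2000 };              /* constructed */

    printf("wrap: unchecked=%d checked=%d\n",
           range_ok_unchecked(wrap, dev_size), range_ok_checked(wrap, dev_size));
    printf("good: unchecked=%d checked=%d\n",
           range_ok_unchecked(good, dev_size), range_ok_checked(good, dev_size));
    return 0;
}
```

Masking `len` to 32 bits does not help here: the wrapped request is accepted by the unchecked test and rejected by the checked one, while the in-range request passes both.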

Impact