CVE-2025-68794: Integer Underflow (Wrap or Wraparound) in Linux

Severity: 6.4 MEDIUM (no vector)
EPSS: 0.0% (top 92.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 13; latest update Apr 17

Description

In the Linux kernel, the following vulnerability has been resolved:

iomap: adjust read range correctly for non-block-aligned positions

iomap_adjust_read_range() assumes that the position and length passed in are block-aligned. This is not always the case however, as shown in the syzbot generated case for erofs. This causes too many bytes to be skipped for uptodate blocks, which results in returning the incorrect position and length to read in. If all the blocks are uptodate, this underflows le

Affected Packages (14 packages)

Linux: linux/linux_kernel 4.19.0 6.6.120 (+2)
Debian: linux/linux_kernel < 6.12.69-1 (+1)
CVEListV5: linux/linux 9dc55f1389f9569acf9659e58dd836a9c70df217 82b60ffbb532d919959702768dca04c3c0500ae5 (+4)
debian: debian/linux < linux 6.18.3-1 (forky)

🔴 Vulnerability Details (3)

OSV (2026-01-13): CVE-2025-68794: In the Linux kernel, the following vulnerability has been resolved: iomap: adjust read range correctly for non-block-aligned positions iomap_adjust_re
GHSA (2026-01-13): GHSA-3c24-c79w-qw24: In the Linux kernel, the following vulnerability has been resolved: iomap: adjust read range correctly for non-block-aligned positions iomap_adjust_
OSV (2026-01-13): iomap: adjust read range correctly for non-block-aligned positions

📋 Vendor Advisories (9)

Ubuntu (2026-04-17): Linux kernel (GCP) vulnerabilities
Ubuntu (2026-04-17): Linux kernel (FIPS) vulnerabilities
Ubuntu (2026-04-17): Linux kernel (Real-time) vulnerabilities
Ubuntu (2026-04-17): Linux kernel (Real-time) vulnerabilities
Ubuntu (2026-04-17): Linux kernel (NVIDIA) vulnerabilities

🕵️ Threat Intelligence (1)

Wiz: CVE-2025-68794 Impact, Exploitability, and Mitigation Steps | Wiz