Fixed

LIN1024-13889 : Security Advisory - linux - CVE-2025-68237

Created: Dec 16, 2025    Updated: Jan 19, 2026
Resolved Date: Jan 19, 2026
Found In Version: 10.24.33.1
Fix Version: 10.24.33.15
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:

mtdchar: fix integer overflow in read/write ioctls

The "req.start" and "req.len" variables are u64 values that come from the user at the start of the function.  We mask away the high 32 bits of "req.len" so that's capped at U32_MAX but the "req.start" variable can go up to U64_MAX which means that the addition can still integer overflow.

Use check_add_overflow() to fix this bug.
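
The wrapping range check described above next to an overflow-aware one, as an added example that is not the kernel's mtdchar code. The function names, the `dev_size` bound and the sample values are assumptions, and `__builtin_add_overflow` is the GCC/Clang builtin standing in for the kernel's check_add_overflow().

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define LEN_MASK 0xffffffffULL   /* keeps len at or below U32_MAX */

/* Wrapping check: start + len is computed modulo 2^64, so a start
 * value near U64_MAX produces a small sum that passes the bound. */
bool range_ok_wrapping(uint64_t start, uint64_t len, uint64_t dev_size)
{
    len &= LEN_MASK;
    return start + len <= dev_size;
}

/* Overflow-aware check: the addition is rejected outright when it
 * does not fit in 64 bits, before the sum is compared to the bound. */
bool range_ok_checked(uint64_t start, uint64_t len, uint64_t dev_size)
{
    uint64_t end;

    len &= LEN_MASK;
    if (__builtin_add_overflow(start, len, &end))
        return false;
    return end <= dev_size;
}

int main(void)
{
    /* Constructed values: a 128 MiB device (assumed bound) and a
     * request whose start sits 0x1000 below 2^64. */
    uint64_t dev_size = 0x8000000ULL;
    uint64_t start = UINT64_MAX - 0xfff;
    uint64_t len = 0x2000;

    printf("wrapping check accepts: %d\n",
           range_ok_wrapping(start, len, dev_size));
    printf("checked  check accepts: %d\n",
           range_ok_checked(start, len, dev_size));
    return 0;
}
```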

CVEs