CVE-2025-40345

NONE EPSS 7.7%
Published Dec 12, 2025 6mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: storage: sddr55: Reject out-of-bound new_pba

Discovered by Atuin - Automated Vulnerability Discovery Engine.

new_pba comes from the status packet returned after each write. A bogus device could report values beyond the block count derived from info->capacity, letting the driver walk off the end of pba_to_lba[] and corrupt heap memory.

Reject PBAs that exceed the computed block count and fail the transfer so we avoid touching out-of-range mapping entries.
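The bounds check the description calls for, as an added user-space C model (not the kernel driver's code and not taken from the referenced commits). Only `new_pba`, `capacity` and `pba_to_lba` come from the description; `struct card_info`, `block_shift`, the status-packet byte layout and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* User-space model; field names other than capacity/pba_to_lba are assumed. */
struct card_info {
    uint64_t capacity;     /* card size in bytes */
    unsigned block_shift;  /* log2(bytes per block), assumed field */
    uint16_t *pba_to_lba;  /* one entry per physical block */
};

static uint32_t block_count(const struct card_info *info)
{
    return (uint32_t)(info->capacity >> info->block_shift);
}

static int card_init(struct card_info *info, uint64_t capacity, unsigned shift)
{
    info->capacity = capacity;
    info->block_shift = shift;
    uint32_t n = block_count(info);
    if (n == 0)
        return -1;
    info->pba_to_lba = calloc(n, sizeof(*info->pba_to_lba));
    return info->pba_to_lba ? 0 : -1;
}

/* Decode the device-supplied new_pba (assumed layout: 24-bit little-endian
 * in status[3..5]) and record the mapping. Returns 0, or -1 to fail the I/O. */
static int handle_write_status(struct card_info *info,
                               const uint8_t status[6], uint16_t lba)
{
    uint32_t new_pba = status[3] | (uint32_t)status[4] << 8
                     | (uint32_t)status[5] << 16;

    /* Without this test, pba_to_lba[new_pba] is written with an index the
     * device chose, which can land past the end of the heap allocation. */
    if (new_pba >= block_count(info))
        return -1;
    info->pba_to_lba[new_pba] = lba;
    return 0;
}

int main(void)
{
    struct card_info ci;
    uint8_t bogus[6] = {0, 0, 0, 0x00, 0x04, 0};  /* constructed: PBA 1024 */
    if (card_init(&ci, 16u << 20, 14))            /* 16 MiB, 16 KiB blocks */
        return 1;
    printf("bogus status -> %d\n", handle_write_status(&ci, bogus, 8));
    free(ci.pba_to_lba);
    return 0;
}
```

The comparison is `>=` because valid indices run from 0 to the block count minus one, so a reported PBA equal to the block count is already one entry past the array.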

Threat Intelligence

EPSS Exploit Probability
7.7% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

References 8

  • cert-portal.siemens.com https://cert-portal.siemens.com/productcert/html/ssa-253495.html
  • git.kernel.org https://git.kernel.org/stable/c/04a8a6393f3f2f471e05eacca33282dd30b01432
  • git.kernel.org https://git.kernel.org/stable/c/26e9b5da3231da7dc357b363883b5b7b51a64092
  • git.kernel.org https://git.kernel.org/stable/c/5ebe8d479aaf4f41ac35e6955332304193c646f6
  • git.kernel.org https://git.kernel.org/stable/c/a20f1dd19d21dcb70140ea5a71b1f8cbe0c7e68f
  • git.kernel.org https://git.kernel.org/stable/c/aa64e0e17e3a5991a25e6a46007770c629039869
  • git.kernel.org https://git.kernel.org/stable/c/b59d4fda7e7d0aff1043a7f742487cb829f5aac1
  • git.kernel.org https://git.kernel.org/stable/c/d00a6c04a502cd52425dbf35588732c652b16490

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.