← back
CVE-2025-40345

usb: storage: sddr55: Reject out-of-bound new_pba

3Vexday Risk Score

No sign of exploitation. No public exploitation artifact known so far.

ssvc Trackepss 0.2%
exploitation probability
0.2%top 93% of all CVEs
observed exploitation
nono source reports it
In the Linux kernel, the following vulnerability has been resolved: usb: storage: sddr55: Reject out-of-bound new_pba Discovered by Atuin - Automated Vulnerability Discovery Engine. new_pba comes from the status packet returned after each write. A bogus device could report values beyond the block count derived from info->capacity, letting the driver walk off the end of pba_to_lba[] and corrupt heap memory. Reject PBAs that exceed the computed block count and fail the transfer so we avoid touching out-of-range mapping entries.
Affected products
Linux · Linux