VYPR
Unrated severityNVD Advisory· Published Dec 12, 2025· Updated Jun 2, 2026

CVE-2025-40345

CVE-2025-40345

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: storage: sddr55: Reject out-of-bound new_pba

Discovered by Atuin - Automated Vulnerability Discovery Engine.

new_pba comes from the status packet returned after each write. A bogus device could report values beyond the block count derived from info->capacity, letting the driver walk off the end of pba_to_lba[] and corrupt heap memory.

Reject PBAs that exceed the computed block count and fail the transfer so we avoid touching out-of-range mapping entries.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

112

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.

CVE-2025-40345 · VYPR