DEBIAN-CVE-2025-40345
PUBLISHED
In the Linux kernel, the following vulnerability has been resolved:

usb: storage: sddr55: Reject out-of-bound new_pba

Discovered by Atuin - Automated Vulnerability Discovery Engine.

new_pba comes from the status packet returned after each write. A bogus device could report values beyond the block count derived from info->capacity, letting the driver walk off the end of pba_to_lba[] and corrupt heap memory.

Reject PBAs that exceed the computed block count and fail the transfer so we avoid touching out-of-range mapping entries.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | linux | 0, 6.1.140-1, 6.1.147-1 |
| Debian:11 | linux-6.1 | 6.1.129-1~deb11u1, 6.1.128-1~deb11u1, 6.1.119-1~deb11u1 |
| Debian:13 | linux | 0, 6.12.41-1, 6.12.43-1 |
| Debian:14 | linux | 6.15-1, 0, 6.12.38-1 |
| Debian:11 | linux | 5.10.216-1, 5.10.221-1, 5.10.223-1 |
Exploit Intelligence
- 4081.3.7.yml (github-poc)
Timeline
- Dec 12, 2025 CVE Published
- Apr 28, 2026 CVE Updated