Linux Kernel Vulnerability in USB Storage Devices
CVE-2025-40345

Currently unrated

Key Information:

Vendor: Linux

Status
Vendor
CVE Published: 12 December 2025

What is CVE-2025-40345?

A vulnerability has been identified in the Linux kernel's USB storage driver for the sddr55 device. It arises when a bogus device reports a new_pba value that exceeds the actual block count derived from the device's capacity. The driver may then access memory beyond the bounds of its allocations, which can corrupt heap memory. The issue is mitigated by rejecting PBAs that exceed the allowed block count, which prevents out-of-range accesses during write operations and preserves data integrity.
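The kind of check described above, as an added example: this is a simplified model written for this page, not the kernel's sddr55 code. The struct, the function names and the 16 MiB / 16 KiB geometry are assumptions made for illustration.

```c
/* Added illustration: simplified model, NOT the kernel's sddr55 code; all names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct blockmap {
    uint32_t  block_count;  /* derived from the capacity the device reported */
    uint16_t *pba_to_lba;   /* heap table with exactly block_count entries */
};

static int blockmap_init(struct blockmap *m, uint64_t capacity, uint32_t block_size)
{
    uint64_t n = block_size ? capacity / block_size : 0;
    if (n == 0 || n > 0xFFFF)
        return -1;
    m->pba_to_lba = malloc(n * sizeof(*m->pba_to_lba));
    if (!m->pba_to_lba)
        return -1;
    memset(m->pba_to_lba, 0xFF, n * sizeof(*m->pba_to_lba)); /* 0xFFFF = unused */
    m->block_count = (uint32_t)n;
    return 0;
}

/* new_pba is taken from the device's reply to a write and is untrusted. */
static int blockmap_record(struct blockmap *m, uint32_t new_pba, uint16_t lba)
{
    if (new_pba >= m->block_count)  /* valid indexes are 0 .. block_count-1 */
        return -1;                  /* without this, the store below lands past the table */
    m->pba_to_lba[new_pba] = lba;
    return 0;
}

/* Constructed case: 16 MiB capacity, 16 KiB blocks -> 1024-entry table. */
int record_constructed(uint32_t new_pba)
{
    struct blockmap m;
    if (blockmap_init(&m, 16u << 20, 16u << 10) != 0)
        return -2;
    int rc = blockmap_record(&m, new_pba, 7);
    free(m.pba_to_lba);
    return rc;
}

int main(void)
{
    printf("pba 1023 -> %d, pba 1024 -> %d\n", record_constructed(1023), record_constructed(1024));
    return 0;
}
```

The comparison is against the count derived from capacity, so a device that reports an index equal to or above that count is refused before the table is written.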

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 26e9b5da3231da7dc357b363883b5b7b51a64092