CVE-2025-40345 · EPSS p7.7%

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: storage: sddr55: Reject out-of-bound new_pba

Discovered by Atuin - Automated Vulnerability Discovery Engine.

new_pba comes from the status packet returned after each write. A bogus device could report values beyond the block count derived from info->capacity, letting the driver walk off the end of pba_to_lba[] and corrupt heap memory.

Reject PBAs that exceed the computed block count and fail the transfer so we avoid touching out-of-range mapping entries.
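The check the description calls for, as an added example that is not the kernel driver's code: struct card_info, block_shift and the two-byte status layout are assumptions made for illustration; only new_pba, pba_to_lba[] and capacity are names taken from the description.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the driver's per-device state. */
struct card_info {
    unsigned long capacity;   /* card size in bytes */
    unsigned int block_shift; /* log2(bytes per block); assumed field */
    uint16_t *pba_to_lba;     /* one entry per physical block */
};

/* Number of physical blocks, which is also the length of pba_to_lba[]. */
static unsigned int block_count(const struct card_info *info)
{
    return (unsigned int)(info->capacity >> info->block_shift);
}

static int card_init(struct card_info *info, unsigned long capacity,
                     unsigned int block_shift)
{
    info->capacity = capacity;
    info->block_shift = block_shift;
    info->pba_to_lba = calloc(block_count(info), sizeof(*info->pba_to_lba));
    return info->pba_to_lba ? 0 : -1;
}

/* status[] is device-controlled; constructed layout: 16-bit little-endian PBA. */
static int record_write_status(struct card_info *info, const uint8_t status[2],
                               uint16_t lba)
{
    unsigned int new_pba = status[0] | ((unsigned int)status[1] << 8);

    if (new_pba >= block_count(info))
        return -1;      /* out of range: fail the transfer, map untouched */
    info->pba_to_lba[new_pba] = lba;
    return 0;
}

int main(void)
{
    struct card_info c;
    const uint8_t bogus[2] = { 0x00, 0x04 }; /* PBA 1024 on a 1024-block card */

    if (card_init(&c, 16ul << 20, 14))
        return 1;
    printf("bogus status -> %d\n", record_write_status(&c, bogus, 7));
    free(c.pba_to_lba);
    return 0;
}
```

The comparison is `>=` because valid indices run from 0 to block_count - 1; a device that reports exactly the block count is already one entry past the end of the array.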

Scoring

EPSS: 0.18% probability of exploitation · percentile 7.7% · 2026-06-19T12:03:05Z
Last modified: 2026-06-02

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-68307
CVE: Linux Kernel Out-of-Bounds Access Vulnerability
CVE: CVE-2026-23031
CVE: Linux Kernel Out-of-Bounds Write Vulnerability
CVE: CVE-2025-40005
CVE: Linux Kernel Out-of-Bounds Read Vulnerability

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.