CVE-2025-40345
BaseFortify
Publication date: 2025-12-12
Last updated on: 2025-12-15
Assigner: kernel.org
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in the Linux kernel's USB storage driver for sddr55 devices. A malicious or bogus device can send a status packet with a new_pba value that exceeds the expected block count. This causes the driver to access memory beyond the valid range (walking off the end of pba_to_lba[]), leading to heap memory corruption. The fix involves rejecting any new_pba values that exceed the computed block count to prevent out-of-range memory access.
How can this vulnerability impact me?
The vulnerability can lead to heap memory corruption in the Linux kernel when interacting with a malicious USB storage device. This could potentially cause system instability, crashes, or be exploited to execute arbitrary code with kernel privileges, compromising system security.
What immediate steps should I take to mitigate this vulnerability?
Update the Linux kernel to a version that includes the fix, which rejects out-of-bounds new_pba values in the USB storage sddr55 driver. With the fix, the driver no longer accepts invalid block addresses reported by bogus devices, which avoids the heap memory corruption.
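The range check described in the explanation and mitigation answers above, shown as an added user-space C model; it is not the kernel driver's code or the upstream patch. Only `pba_to_lba` and `new_pba` come from the page; `struct card_map`, `numblocks`, `record_mapping`, `UNMAPPED` and the block count of 1024 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define UNMAPPED 0xffff   /* hypothetical marker for "no logical block" */

/* Simplified stand-in for the driver's per-card state (hypothetical layout). */
struct card_map {
    uint16_t *pba_to_lba;  /* heap array with one entry per physical block */
    size_t    numblocks;   /* block count computed for the card */
};

static int card_map_init(struct card_map *m, size_t numblocks)
{
    m->pba_to_lba = malloc(numblocks * sizeof(*m->pba_to_lba));
    if (!m->pba_to_lba)
        return -1;
    m->numblocks = numblocks;
    for (size_t i = 0; i < numblocks; i++)
        m->pba_to_lba[i] = UNMAPPED;
    return 0;
}

/*
 * new_pba arrives in a status packet from the device, so it is untrusted.
 * Without the range check, the store below would write past the end of the
 * heap array whenever new_pba >= numblocks.
 */
static int record_mapping(struct card_map *m, uint32_t new_pba, uint16_t lba)
{
    if (new_pba >= m->numblocks)
        return -1;              /* reject the bogus device report */
    m->pba_to_lba[new_pba] = lba;
    return 0;
}

int main(void)
{
    struct card_map m;
    if (card_map_init(&m, 1024))   /* constructed block count */
        return 1;
    printf("in range:  %d\n", record_mapping(&m, 17, 3));
    printf("too large: %d\n", record_mapping(&m, 1024, 3));
    printf("way off:   %d\n", record_mapping(&m, 0xffff, 3));
    free(m.pba_to_lba);
    return 0;
}
```

The comparison uses `>=` because the last valid index is `numblocks - 1`; a value equal to the block count is already one element past the array.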