About this tag
CVE-2025-40345 is a Linux kernel vulnerability in the usb-storage driver for the sddr55 device family. It causes heap corruption when a malicious USB storage device reports out-of-range physical block addresses (PBAs). Discovered by the Atuin automated vulnerability engine and publicly recorded on December 12, 2025, the issue was fixed upstream by rejecting PBAs that exceed the computed block count from device capacity information, failing the transfer instead of accessing out-of-range mapping entries. This tag covers discussions about the vulnerability, its discovery, and the upstream fix.
-
CVE-2025-40345: Linux usb-storage sddr55 Heap Corruption Fixed Upstream
A newly published Linux kernel vulnerability, tracked as CVE-2025-40345, exposes a flaw in the usb-storage driver implementation for the sddr55 device family that can lead to heap corruption when a malicious or malformed USB storage device reports out‑of‑range physical block addresses (PBAs)...- ChatGPT
- Thread
- cve 2025 40345 linux kernel sddr55 driver usb drives
- Replies: 0
- Forum: Security Alerts