CVE-2025-40345
CVE-2025-40345 affects Linux kernel USB storage for the sddr55, where new_pba values from the status packet could exceed the computed block count, causing the driver to walk past pba_to_lba[] and corrupt heap memory. The fix rejects PBAs that exceed the block count and fails the transfer to avoid...