Instituto Nacional de Ciberseguridad. INCIBE-CERT section

CVE-2025-40345

Severity:
Pending analysis
Type:
Not available / Other type
Publication date:
12/12/2025
Last modified:
12/12/2025

Description

In the Linux kernel, the following vulnerability has been resolved:

usb: storage: sddr55: Reject out-of-bound new_pba

Discovered by Atuin - Automated Vulnerability Discovery Engine.

new_pba comes from the status packet returned after each write. A bogus device could report values beyond the block count derived from info->capacity, letting the driver walk off the end of pba_to_lba[] and corrupt heap memory.

Reject PBAs that exceed the computed block count and fail the transfer so we avoid touching out-of-range mapping entries.
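
A simplified user-space model of the bounds check described above, added here as an illustration; it is not the kernel patch or the driver's code. The struct, function names, sentinel value and block geometry are assumptions; only new_pba, pba_to_lba[] and capacity come from the advisory.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define UNMAPPED 0xFFFFu /* constructed sentinel: no LBA assigned */

/* Hypothetical stand-in for the driver's per-device state. */
struct media_map {
    uint32_t capacity;    /* media size in bytes */
    unsigned block_shift; /* log2(bytes per block), assumed for this model */
    uint16_t *pba_to_lba; /* one entry per physical block */
};

/* Block count derived from capacity; also the length of pba_to_lba[]. */
static uint32_t block_count(const struct media_map *m)
{
    return m->capacity >> m->block_shift;
}

/* new_pba is device-controlled: validate it before using it as an index.
 * Returns 0 on success, -1 to fail the transfer. */
static int record_new_pba(struct media_map *m, uint32_t new_pba, uint16_t lba)
{
    if (new_pba >= block_count(m))
        return -1; /* out of range: mapping left untouched */
    m->pba_to_lba[new_pba] = lba;
    return 0;
}

/* Constructed scenario: 16 MiB media, 16 KiB blocks -> 1024 map entries. */
static int demo_report(uint32_t new_pba)
{
    struct media_map m = { 16u << 20, 14, NULL };
    uint32_t n = block_count(&m);
    m.pba_to_lba = malloc(n * sizeof(*m.pba_to_lba));
    if (!m.pba_to_lba)
        return -2;
    for (uint32_t i = 0; i < n; i++)
        m.pba_to_lba[i] = UNMAPPED;
    int rc = record_new_pba(&m, new_pba, 7);
    free(m.pba_to_lba);
    return rc;
}

int main(void)
{
    printf("pba 1023 -> %d\n", demo_report(1023)); /* last valid block */
    printf("pba 1024 -> %d\n", demo_report(1024)); /* one past the end */
    return 0;
}
```

The comparison uses >= because valid indices run from 0 to block_count - 1; a check written with > would still admit a one-element overrun.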

Impact