CVE-2025-40118 — Out-of-bounds Read in Linux

CWE-125 — Out-of-bounds Read54 documents6 sources

Severity

7.8HIGHOSV

OSV5.5OSV3.2

No vector

EPSS

0.0%

top 87.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedNov 12

Latest updateApr 13

Description

In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Since commit f7b705c238d1 ("scsi: pm80xx: Set phy_attached to zero when device is gone") UBSAN reports: UBSAN: array-index-out-of-bounds in drivers/scsi/pm8001/pm8001_sas.c:786:17 index 28 is out of range for type 'pm8001_phy [16]' on rmmod when using an expander. For a direct attached device, attached_phy contains the local phy id. For a device behind an expander, att…

Affected Packages6 packages

▶Linuxlinux/linux_kernel5.5.0 — 5.10.246+6

▶Debianlinux/linux_kernel< 5.10.247-1+3

▶Ubuntulinux/linux_kernel< 5.15.0-170.180+2

▶CVEListV5linux/linux05b512879eab41faa515b67fa3896d0005e97909 — d94be0a6ae9ade706d4270e740bdb4f79953a7fc+9

▶debiandebian/linux< linux 6.1.158-1 (bookworm)

🔴Vulnerability Details

OSV

linux-raspi vulnerabilities↗2026-04-01

▶

OSV

linux-raspi, linux-raspi-realtime vulnerabilities↗2026-04-01

▶

OSV

linux-azure-6.8 vulnerabilities↗2026-03-25

▶

OSV

linux-azure vulnerabilities↗2026-03-25

▶

OSV

linux-aws-6.8 vulnerabilities↗2026-03-23

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-04-13

▶

Ubuntu

Linux kernel (Azure FIPS) vulnerabilities↗2026-04-09

▶

Ubuntu

Linux kernel (Azure FIPS) vulnerabilities↗2026-04-09

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2026-04-01

▶

Ubuntu

Linux kernel (Raspberry Pi) vulnerabilities↗2026-04-01

▶