{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-30T08:49:12.136","vulnerabilities":[{"cve":{"id":"CVE-2025-40118","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-11-12T11:15:41.117","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod\n\nSince commit f7b705c238d1 (\"scsi: pm80xx: Set phy_attached to zero when\ndevice is gone\") UBSAN reports:\n\n  UBSAN: array-index-out-of-bounds in drivers/scsi/pm8001/pm8001_sas.c:786:17\n  index 28 is out of range for type 'pm8001_phy [16]'\n\non rmmod when using an expander.\n\nFor a direct attached device, attached_phy contains the local phy id.\nFor a device behind an expander, attached_phy contains the remote phy\nid, not the local phy id.\n\nI.e. while pm8001_ha will have pm8001_ha->chip->n_phy local phys, for a\ndevice behind an expander, attached_phy can be much larger than\npm8001_ha->chip->n_phy (depending on the amount of phys of the\nexpander).\n\nE.g. on my system pm8001_ha has 8 phys with phy ids 0-7.  One of the\nports has an expander connected.  The expander has 31 phys with phy ids\n0-30.\n\nThe pm8001_ha->phy array only contains the phys of the HBA.  It does not\ncontain the phys of the expander.  Thus, it is wrong to use attached_phy\nto index the pm8001_ha->phy array for a device behind an expander.\n\nThus, we can only clear phy_attached for devices that are directly\nattached."}],"metrics":{},"references":[{"url":"https://git.kernel.org/stable/c/251be2f6037fb7ab399f68cd7428ff274133d693","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/45acbf154befedd9bc135f5e031fe7855d1e6493","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/83ced3c206c292458e47c7fac54223abc7141585","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9326a1541e1b7ed3efdbab72061b82cf01c6477a","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/9c671d4dbfbfb0d73cfdfb706afb36d9ad60a582","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d94be0a6ae9ade706d4270e740bdb4f79953a7fc","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/e62251954a128a2d0fcbc19e5fa39e08935bb628","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/eef5ef400893f8e3dbb09342583be0cdc716d566","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"}]}}]}