CVE-2025-68217
Published: Dec 16, 2025
Modified: May 11, 2026
Description
In the Linux kernel, the following vulnerability has been resolved:

Input: pegasus-notetaker - fix potential out-of-bounds access

In the pegasus_notetaker driver, the pegasus_probe() function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint descriptor. An attacker can use a malicious USB descriptor to force the allocation of a very small buffer.

Subsequently, if the device sends an interrupt packet with a specific pattern (e.g., where the first byte is 0x80 or 0x42), the pegasus_parse_packet() function parses the packet without checking the allocated buffer size. This leads to an out-of-bounds memory access.
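The two checks that close this class of bug, shown as an added userspace model (not the kernel driver's code or its actual patch). All function and struct names are hypothetical, and the field offsets and the 6-byte minimum are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumption for this model: a 0x80/0x42 packet carries fields up to offset 5. */
#define PKT_MIN_LEN 6
struct pen_event { uint16_t x, y; };

static uint16_t get_le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Probe side: refuse a descriptor-supplied size too small for one packet. */
int model_probe_check(uint16_t w_max_packet_size)
{
    return w_max_packet_size >= PKT_MIN_LEN ? 0 : -1;
}

/* Parse side: every read is checked against the length actually allocated. */
int model_parse(const uint8_t *data, size_t len, struct pen_event *ev)
{
    if (len < 1)
        return -1;
    if (data[0] != 0x80 && data[0] != 0x42)
        return 0;                   /* other packet types ignored in this model */
    if (len < PKT_MIN_LEN)
        return -1;                  /* reading on would leave the buffer */
    ev->x = get_le16(&data[2]);
    ev->y = get_le16(&data[4]);
    return 1;
}

/* Constructed inputs: a truncated packet and a full-length one. */
int demo_truncated_packet(void)
{
    const uint8_t pkt[1] = { 0x80 };
    struct pen_event ev = { 0, 0 };
    return model_parse(pkt, sizeof(pkt), &ev);
}

int demo_full_packet_x(void)
{
    const uint8_t pkt[6] = { 0x42, 0x00, 0x34, 0x12, 0x78, 0x56 };
    struct pen_event ev = { 0, 0 };
    return model_parse(pkt, sizeof(pkt), &ev) == 1 ? ev.x : -1;
}

int main(void)
{
    return (demo_truncated_packet() == -1 && demo_full_packet_x() == 0x1234) ? 0 : 1;
}
```

Either check alone stops the out-of-bounds read in this model; validating the descriptor at probe time also keeps an undersized buffer from being allocated in the first place.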
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux | affected 1afca2b66aac7ac262d3511c68725e9e7053b40f - < c4e746651bd74c38f581e1cf31651119a94de8cd; affected 1afca2b66aac7ac262d3511c68725e9e7053b40f - < 36bc92b838ff72f62f2c17751a9013b29ead2513; affected 1afca2b66aac7ac262d3511c68725e9e7053b40f - < 015b719962696b793997e8deefac019f816aca77; affected 1afca2b66aac7ac262d3511c68725e9e7053b40f - < 084264e10e2ae8938a54355123ad977eb9df56d6; affected 1afca2b66aac7ac262d3511c68725e9e7053b40f - < d344ea1baf1946c90f0cd6f9daeb5f3e0a0ca479; +3 more versions |
| Linux | Linux | affected 4.8; unaffected 0 - < 4.8; unaffected 5.4.302 - <= 5.4.*; unaffected 5.10.247 - <= 5.10.*; unaffected 5.15.197 - <= 5.15.*; +5 more versions |