Description
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints.
References (10)
Core 10
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-019113.html
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-082556.html
Scores
CVSS v3
5.5
EPSS
0.0013
EPSS Percentile
2.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
Status
published
Products (30)
linux/Kernel
2.6.12 - 5.10.253linux
linux/Kernel
2.6.12 - 6.1.167linux
linux/Kernel
5.11.0 - 5.15.203linux
linux/Kernel
5.16.0 - 6.1.167linux
linux/Kernel
6.13.0 - 6.18.17linux
linux/Kernel
6.19.0 - 6.19.7linux
linux/Kernel
6.2.0 - 6.6.130linux
linux/Kernel
6.7.0 - 6.12.77linux
Linux/Linux
< 2.6.12
Linux/Linux
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 11de1d3ae5565ed22ef1f89d73d8f2d00322c699
... and 20 more
Published
Mar 25, 2026
Tracked Since
Mar 25, 2026