Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fixed a memory leak in updateeth regs async When writing to the device registers asynchronously, and if usbsubmiturb fails, the code fails to release the resources allocated for this process...

CVE-2026-43156

A flaw was found in the Linux kernel's USB Pegasus driver. This vulnerability allows a local attacker to use a specially crafted USB device to bypass expected endpoint checks. By presenting unexpected transfer types, the malicious device could trigger a system assertion, potentially leading to a...

EUVD-2026-27715

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: enable basic endpoint checking pegasusprobe fills URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbrcvbulkpipedev, 1 for RX data - usbsndbulkpipedev, 2 for TX data -...

CVE-2026-43156

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: enable basic endpoint checking pegasusprobe fills URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbrcvbulkpipedev, 1 for RX data - usbsndbulkpipedev, 2 for TX data -...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the pegasus driver’s failure to verify endpoint descriptors. This vulnerability may allow endpoin...

CVE-2026-23290

A flaw was found in the Linux kernel's pegasus driver. A malicious USB device can exploit this vulnerability by not presenting the expected number and types of USB endpoints. This lack of proper validation causes the driver to blindly access uninitialized endpoints, leading to a system crash and ...

SUSE CVE-2026-23290

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not...

EUVD-2026-15219

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not...

CVE-2026-23290

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not...

CVE-2026-23290

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not...

UBUNTU-CVE-2026-23290

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not...

CVE-2026-23290 net: usb: pegasus: validate USB endpoints

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not...

CVE-2026-23290

CVE-2026-23290 affects the Linux kernel’s USB pegasus driver: it validates endpoints before bind, preventing binding if the device lacks expected URBs. Exploitation is LOCAL with LOW PRV requirement; impact is a potential crash/denial due to access to endpoints. The issue has been fixed upstream ...

CVE-2026-23290 net: usb: pegasus: validate USB endpoints

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not...

Linux Distros Unpatched Vulnerability : CVE-2026-23290

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it i...

CVE-2026-23021

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in updateethregsasync When asynchronously writing to the device registers and if usbsubmiturb fail, the code fail to release allocated to this point resources...

CVE-2026-23021

CVE-2026-23021 affects the Linux kernel component: net: usb: pegasus. The memory leak occurs in update_eth_regs_async() when usb_submit_urb() fails, failing to release resources allocated up to that point. Public advisories indicate upstream kernel fixes (e.g., 6.6.130 lineage and related patches...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001176)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001176 advisory. drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIGVMAPSTACK option, which allows local users to cause a denial o...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003301)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003301 advisory. drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIGVMAPSTACK option, which allows local users to cause a denial o...

PT-2026-27655

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The pegasus driver does not validate the number and types of USB endpoints a device has before binding to it. A malicious device lacking expected USB endpoints can cause the driver to...