9 matches found
CVE-2026-43156
The CVE-2026-43156 entry affects the Linux kernel USB Pegasus driver. The root cause is that pegasus_probe() built URBs using hardcoded endpoint pipes (RX bulk 1, TX bulk 2, status interrupt 3) without validating endpoint descriptors, allowing a malformed USB device to present endpoints with mism...
CVE-2026-43156
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: enable basic endpoint checking pegasusprobe fills URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbrcvbulkpipedev, 1 for RX data - usbsndbulkpipedev, 2 for TX data -...
Linux Distros Unpatched Vulnerability : CVE-2026-43156
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: usb: pegasus: enable basic endpoint checking pegasusprobe fills URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: -...
OESA-2026-1861 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy management An unprivileged local user can load, replace, and remove profiles by opening the...
CVE-2026-23290
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not...
CVE-2026-23290
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not...
CVE-2026-23021 net: usb: pegasus: fix memory leak in update_eth_regs_async()
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in updateethregsasync When asynchronously writing to the device registers and if usbsubmiturb fail, the code fail to release allocated to this point resources...
CVE-2026-23021
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in updateethregsasync When asynchronously writing to the device registers and if usbsubmiturb fail, the code fail to release allocated to this point resources...
The vulnerability of the Linux operating system, which allows a perpetrator to trigger a service failure or cause other effects
The vulnerability in the driver drivers/net/usb/pegasus.c of the Linux operating system arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability allows a local attacker to improperly interact with the CONFIGVMAPSTACK parameter, resulting in a servic...