FKIE_CVE-2026-23290

Vulnerability from fkie_nvd - Published: 2026-03-25 11:16 - Updated: 2026-04-18 09:16
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints.
References
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/11de1d3ae5565ed22ef1f89d73d8f2d00322c699
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/43d7c4114b1ec14f41f09306525d3b9382286fc1
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/7f8505c7ce3f186ef9d2495f3c0bd6ad6fce999f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/95556b4e879711693c9865ba0938c148f62d5ea4
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/af7369ae572f53cb701731a4289ec3b3889bc501
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/c3f1672eaea68c5cb6e1ec081cdb92045453218f
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/d5d9086211877361f1bda44a0aec538ddb04042a
416baaa9-dc9f-4396-8d5f-8c081fb06d67https://git.kernel.org/stable/c/ee31ec8cf1eafeefa85ef934ba688d27f88bf0e2
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: pegasus: validate USB endpoints\n\nThe pegasus driver should validate that the device it is probing has the\nproper number and types of USB endpoints it is expecting before it binds\nto it.  If a malicious device were to not have the same urbs the driver\nwill crash later on when it blindly accesses these endpoints."
    },
    {
      "lang": "es",
      "value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nnet: usb: pegasus: validar puntos finales USB\n\nEl controlador pegasus deber\u00eda validar que el dispositivo que est\u00e1 sondeando tiene el n\u00famero y tipos adecuados de puntos finales USB que espera antes de que se vincule a \u00e9l. Si un dispositivo malicioso no tuviera los mismos urbs, el controlador fallar\u00e1 m\u00e1s tarde cuando acceda ciegamente a estos puntos finales."
    }
  ],
  "id": "CVE-2026-23290",
  "lastModified": "2026-04-18T09:16:16.877",
  "metrics": {},
  "published": "2026-03-25T11:16:24.043",
  "references": [
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/11de1d3ae5565ed22ef1f89d73d8f2d00322c699"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/43d7c4114b1ec14f41f09306525d3b9382286fc1"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/7f8505c7ce3f186ef9d2495f3c0bd6ad6fce999f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/95556b4e879711693c9865ba0938c148f62d5ea4"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/af7369ae572f53cb701731a4289ec3b3889bc501"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/c3f1672eaea68c5cb6e1ec081cdb92045453218f"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/d5d9086211877361f1bda44a0aec538ddb04042a"
    },
    {
      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
      "url": "https://git.kernel.org/stable/c/ee31ec8cf1eafeefa85ef934ba688d27f88bf0e2"
    }
  ],
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "vulnStatus": "Awaiting Analysis"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.