CVE-2026-23290
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
25/03/2026
Last modified:
18/04/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
net: usb: pegasus: validate USB endpoints<br />
<br />
The pegasus driver should validate that the device it is probing has the<br />
proper number and types of USB endpoints it is expecting before it binds<br />
to it. If a malicious device were to not have the same urbs the driver<br />
will crash later on when it blindly accesses these endpoints.
Impact
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/11de1d3ae5565ed22ef1f89d73d8f2d00322c699
- https://git.kernel.org/stable/c/43d7c4114b1ec14f41f09306525d3b9382286fc1
- https://git.kernel.org/stable/c/7f8505c7ce3f186ef9d2495f3c0bd6ad6fce999f
- https://git.kernel.org/stable/c/95556b4e879711693c9865ba0938c148f62d5ea4
- https://git.kernel.org/stable/c/af7369ae572f53cb701731a4289ec3b3889bc501
- https://git.kernel.org/stable/c/c3f1672eaea68c5cb6e1ec081cdb92045453218f
- https://git.kernel.org/stable/c/d5d9086211877361f1bda44a0aec538ddb04042a
- https://git.kernel.org/stable/c/ee31ec8cf1eafeefa85ef934ba688d27f88bf0e2