CVE-2025-68217

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> Input: pegasus-notetaker - fix potential out-of-bounds access<br /> <br /> In the pegasus_notetaker driver, the pegasus_probe() function allocates<br /> the URB transfer buffer using the wMaxPacketSize value from<br /> the endpoint descriptor. An attacker can use a malicious USB descriptor<br /> to force the allocation of a very small buffer.<br /> <br /> Subsequently, if the device sends an interrupt packet with a specific<br /> pattern (e.g., where the first byte is 0x80 or 0x42),<br /> the pegasus_parse_packet() function parses the packet without checking<br /> the allocated buffer size. This leads to an out-of-bounds memory access.