CVE-2026-43156

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
06/05/2026
Last modified:
06/05/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

net: usb: pegasus: enable basic endpoint checking

pegasus_probe() fills URBs with hardcoded endpoint pipes without
verifying the endpoint descriptors:

- usb_rcvbulkpipe(dev, 1) for RX data
- usb_sndbulkpipe(dev, 2) for TX data
- usb_rcvintpipe(dev, 3) for status interrupts

A malformed USB device can present these endpoints with transfer types
that differ from what the driver assumes.

Add a pegasus_usb_ep enum for endpoint numbers, replacing magic
constants throughout. Add usb_check_bulk_endpoints() and
usb_check_int_endpoints() calls before any resource allocation to
verify endpoint types before use, rejecting devices with mismatched
descriptors at probe time, and avoid triggering assertion.

Similar fix to
- commit 90b7f2961798 ("net: usb: rtl8150: enable basic endpoint checking")
- commit 9e7021d2aeae ("net: usb: catc: enable basic endpoint checking")
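The probe-time check described above, modelled in user-space C as an added example; it is not the kernel patch. The struct, function names, enum member names and sample descriptors are constructed for illustration, and the actual fix relies on usb_check_bulk_endpoints() and usb_check_int_endpoints().

```c
#include <stddef.h>
#include <stdint.h>

/* Values defined by the USB 2.0 specification. */
#define USB_DIR_IN                 0x80
#define USB_ENDPOINT_XFERTYPE_MASK 0x03
#define USB_ENDPOINT_XFER_BULK     2
#define USB_ENDPOINT_XFER_INT      3

/* Endpoint numbers from the description; member names are assumptions. */
enum pegasus_usb_ep { PEGASUS_EP_RX = 1, PEGASUS_EP_TX = 2, PEGASUS_EP_INTR = 3 };

/* Only the two endpoint-descriptor fields the check needs. */
struct ep_desc { uint8_t bEndpointAddress; uint8_t bmAttributes; };

/* 1 if every address in the zero-terminated list exists with type xfer. */
static int check_endpoints(const struct ep_desc *eps, size_t n,
                           const uint8_t *addrs, uint8_t xfer)
{
    for (; *addrs; addrs++) {
        size_t i;
        for (i = 0; i < n; i++)
            if (eps[i].bEndpointAddress == *addrs &&
                (eps[i].bmAttributes & USB_ENDPOINT_XFERTYPE_MASK) == xfer)
                break;
        if (i == n)
            return 0; /* endpoint missing or wrong transfer type */
    }
    return 1;
}

/* Gate run before any allocation: 0 = accept device, -1 = reject it. */
int pegasus_model_probe(const struct ep_desc *eps, size_t n)
{
    static const uint8_t bulk[] = { PEGASUS_EP_RX | USB_DIR_IN, PEGASUS_EP_TX, 0 };
    static const uint8_t intr[] = { PEGASUS_EP_INTR | USB_DIR_IN, 0 };

    if (!check_endpoints(eps, n, bulk, USB_ENDPOINT_XFER_BULK) ||
        !check_endpoints(eps, n, intr, USB_ENDPOINT_XFER_INT))
        return -1;
    return 0;
}

/* Constructed descriptors: bad_dev reports endpoint 3 as bulk, not interrupt. */
const struct ep_desc good_dev[] = { {0x81, 2}, {0x02, 2}, {0x83, 3} };
const struct ep_desc bad_dev[]  = { {0x81, 2}, {0x02, 2}, {0x83, 2} };

int main(void) { return pegasus_model_probe(good_dev, 3) == 0 ? 0 : 1; }
```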

Impact