CVE-2025-68217

Dec. 18, 2025, 3:08 p.m.

None
No Score

Description

In the Linux kernel, the following vulnerability has been resolved: Input: pegasus-notetaker - fix potential out-of-bounds access In the pegasus_notetaker driver, the pegasus_probe() function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint descriptor. An attacker can use a malicious USB descriptor to force the allocation of a very small buffer. Subsequently, if the device sends an interrupt packet with a specific pattern (e.g., where the first byte is 0x80 or 0x42), the pegasus_parse_packet() function parses the packet without checking the allocated buffer size. This leads to an out-of-bounds memory access.

Product(s) Impacted

Product Versions

Weaknesses

Common security weaknesses mapped to this vulnerability.

References

https://git.kernel.org/stable/c/015b719962696b793997e8deefac019f816aca77
https://git.kernel.org/stable/c/084264e10e2ae8938a54355123ad977eb9df56d6
https://git.kernel.org/stable/c/36bc92b838ff72f62f2c17751a9013b29ead2513
https://git.kernel.org/stable/c/69aeb507312306f73495598a055293fa749d454e
https://git.kernel.org/stable/c/763c3f4d2394a697d14af1335d3bb42f05c9409f
https://git.kernel.org/stable/c/9ab67eff6d654e34ba6da07c64761aa87c2a3c26
https://git.kernel.org/stable/c/c4e746651bd74c38f581e1cf31651119a94de8cd
https://git.kernel.org/stable/c/d344ea1baf1946c90f0cd6f9daeb5f3e0a0ca479

Tags

416baaa9-dc9f-4396-8d5f-8c081fb06d67
2025-12-16
CVE-2025-68217

Timeline

Published: Dec. 16, 2025, 2:15 p.m.
Last Modified: Dec. 18, 2025, 3:08 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

416baaa9-dc9f-4396-8d5f-8c081fb06d67

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.