-

CVE-2025-68217

EPSS 0.06%
Veröffentlicht 16.12.2025 13:57:12
Zuletzt bearbeitet 18.12.2025 15:08:06
Quelle 416baaa9-dc9f-4396-8d5f-8c081f
CVE-Watchlists
Login
Unerledigt
Login

In the Linux kernel, the following vulnerability has been resolved:

Input: pegasus-notetaker - fix potential out-of-bounds access

In the pegasus_notetaker driver, the pegasus_probe() function allocates
the URB transfer buffer using the wMaxPacketSize value from
the endpoint descriptor. An attacker can use a malicious USB descriptor
to force the allocation of a very small buffer.

Subsequently, if the device sends an interrupt packet with a specific
pattern (e.g., where the first byte is 0x80 or 0x42),
the pegasus_parse_packet() function parses the packet without checking
the allocated buffer size. This leads to an out-of-bounds memory access.

Betroffene Produkte Warnungen 0 Metriken 1 CWE 0 Referenzen 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerLinux

≫

Produkt Linux

Default Statusunaffected

Version < c4e746651bd74c38f581e1cf31651119a94de8cd

Version 1afca2b66aac7ac262d3511c68725e9e7053b40f

Status affected

Version < 36bc92b838ff72f62f2c17751a9013b29ead2513

Version 1afca2b66aac7ac262d3511c68725e9e7053b40f

Status affected

Version < 015b719962696b793997e8deefac019f816aca77

Version 1afca2b66aac7ac262d3511c68725e9e7053b40f

Status affected

Version < 084264e10e2ae8938a54355123ad977eb9df56d6

Version 1afca2b66aac7ac262d3511c68725e9e7053b40f

Status affected

Version < d344ea1baf1946c90f0cd6f9daeb5f3e0a0ca479

Version 1afca2b66aac7ac262d3511c68725e9e7053b40f

Status affected

Version < 9ab67eff6d654e34ba6da07c64761aa87c2a3c26

Version 1afca2b66aac7ac262d3511c68725e9e7053b40f

Status affected

Version < 763c3f4d2394a697d14af1335d3bb42f05c9409f

Version 1afca2b66aac7ac262d3511c68725e9e7053b40f

Status affected

Version < 69aeb507312306f73495598a055293fa749d454e

Version 1afca2b66aac7ac262d3511c68725e9e7053b40f

Status affected

HerstellerLinux

≫

Produkt Linux

Default Statusaffected

Version 4.8

Status affected

Version < 4.8

Version 0

Status unaffected

Version <= 5.4.*

Version 5.4.302

Status unaffected

Version <= 5.10.*

Version 5.10.247

Status unaffected

Version <= 5.15.*

Version 5.15.197

Status unaffected

Version <= 6.1.*

Version 6.1.159

Status unaffected

Version <= 6.6.*

Version 6.6.118

Status unaffected

Version <= 6.12.*

Version 6.12.60

Status unaffected

Version <= 6.17.*

Version 6.17.10

Status unaffected

Version <= *

Version 6.18

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.191

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://git.kernel.org/stable/c/c4e746651bd74c38f581e1cf31651119a94de8cd

https://git.kernel.org/stable/c/36bc92b838ff72f62f2c17751a9013b29ead2513

https://git.kernel.org/stable/c/015b719962696b793997e8deefac019f816aca77

https://git.kernel.org/stable/c/084264e10e2ae8938a54355123ad977eb9df56d6

https://git.kernel.org/stable/c/d344ea1baf1946c90f0cd6f9daeb5f3e0a0ca479

https://git.kernel.org/stable/c/9ab67eff6d654e34ba6da07c64761aa87c2a3c26

https://git.kernel.org/stable/c/763c3f4d2394a697d14af1335d3bb42f05c9409f

https://git.kernel.org/stable/c/69aeb507312306f73495598a055293fa749d454e

https://nvd.nist.gov/vuln/detail/CVE-2025-68217

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-68217

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-68217

EUVD