CVE-2026-43156

EUVD-2026-27715

06.05.2026, 12:16

In the Linux kernel, the following vulnerability has been resolved:

net: usb: pegasus: enable basic endpoint checking

pegasus_probe() fills URBs with hardcoded endpoint pipes without
verifying the endpoint descriptors:

  - usb_rcvbulkpipe(dev, 1) for RX data
  - usb_sndbulkpipe(dev, 2) for TX data
  - usb_rcvintpipe(dev, 3)  for status interrupts

A malformed USB device can present these endpoints with transfer types
that differ from what the driver assumes.

Add a pegasus_usb_ep enum for endpoint numbers, replacing magic
constants throughout. Add usb_check_bulk_endpoints() and
usb_check_int_endpoints() calls before any resource allocation to
verify endpoint types before use, rejecting devices with mismatched
descriptors at probe time, and avoid triggering assertion.

Similar fix to
- commit 90b7f2961798 ("net: usb: rtl8150: enable basic endpoint checking")
- commit 9e7021d2aeae ("net: usb: catc: enable basic endpoint checking")

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	UNKNOWN				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Debian Releases

Debian Product

Codename

linux

bookworm	vulnerable
bookworm (security)	6.1.170-1 fixed
bullseye	vulnerable
bullseye (security)	vulnerable
forky	6.19.14-1 fixed
sid	7.0.4-1 fixed
trixie	vulnerable
trixie (security)	6.12.86-1 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um nicht spezifizierte Angriffe durchzuführen, möglicherweise Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren oder offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Published: 2026-05-06T22:00:00+00:00

References

https://git.kernel.org/stable/c/229dc9b9db475ac900182bafe258943e0e054c6d

https://git.kernel.org/stable/c/26b3ec62fa1a94ac801feca47f040fc729b3c174

https://git.kernel.org/stable/c/2705709f6574a088aab246af72fc95f2fea51484

https://git.kernel.org/stable/c/35854ed5c40b02f95824e44398f9d2ba33727203

https://git.kernel.org/stable/c/3d7e6ce34f4fcc7083510c28b17a7c36462a25d4

https://git.kernel.org/stable/c/67ba6b13dbcaf45681fb6758794c5ac5fa589a6c

https://git.kernel.org/stable/c/a3e64e950a3981a8199de9798f6d21261b959171

https://git.kernel.org/stable/c/d2e7c898cc02dfe42443489a67a45ed616cb76e9