CVE-2026-23290

MEDIUM EPSS 2.4%
Published Mar 25, 20263mo ago · Modified Jun 17, 20261w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Mar 25, 2026 3mo ago
Last Modified Jun 17, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 13

VendorProductVersionRange
linuxlinux_kernel*≥2.6.12.1  –  <5.10.253
linuxlinux_kernel*≥5.11  –  <5.15.203
linuxlinux_kernel*≥5.16  –  <6.1.167
linuxlinux_kernel*≥6.2  –  <6.6.130
linuxlinux_kernel*≥6.7  –  <6.12.77
linuxlinux_kernel*≥6.13  –  <6.18.17
linuxlinux_kernel*≥6.19  –  <6.19.7
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel2.6.12any
linuxlinux_kernel7.0any

References 8

  • git.kernel.org https://git.kernel.org/stable/c/11de1d3ae5565ed22ef1f89d73d8f2d00322c699
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/43d7c4114b1ec14f41f09306525d3b9382286fc1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7f8505c7ce3f186ef9d2495f3c0bd6ad6fce999f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/95556b4e879711693c9865ba0938c148f62d5ea4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/af7369ae572f53cb701731a4289ec3b3889bc501
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3f1672eaea68c5cb6e1ec081cdb92045453218f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d5d9086211877361f1bda44a0aec538ddb04042a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee31ec8cf1eafeefa85ef934ba688d27f88bf0e2
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/11de1d3ae5565ed22ef1f89d73d8f2d00322c699
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/43d7c4114b1ec14f41f09306525d3b9382286fc1
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/7f8505c7ce3f186ef9d2495f3c0bd6ad6fce999f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/95556b4e879711693c9865ba0938c148f62d5ea4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/af7369ae572f53cb701731a4289ec3b3889bc501
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c3f1672eaea68c5cb6e1ec081cdb92045453218f
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d5d9086211877361f1bda44a0aec538ddb04042a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/ee31ec8cf1eafeefa85ef934ba688d27f88bf0e2
    Patch