CVE-2025-68217
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's pegasus_notetaker driver. The pegasus_probe() function allocates a USB Request Block (URB) transfer buffer based on the wMaxPacketSize value from a USB endpoint descriptor. An attacker can supply a malicious USB descriptor that causes the driver to allocate a very small buffer. Later, if the device sends an interrupt packet with certain byte patterns (such as the first byte being 0x80 or 0x42), the pegasus_parse_packet() function processes the packet without verifying the buffer size, leading to an out-of-bounds memory access.
How can this vulnerability impact me? :
This vulnerability can lead to out-of-bounds memory access in the Linux kernel, which may cause system instability, crashes, or potentially allow an attacker to execute arbitrary code or escalate privileges by exploiting the memory corruption.