Acknowledged
Created: Dec 16, 2025
Updated: Dec 18, 2025
Found In Version: 10.25.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 25
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]Input: pegasus-notetaker - fix potential out-of-bounds access[EOL][EOL]In the pegasus_notetaker driver, the pegasus_probe() function allocates[EOL]the URB transfer buffer using the wMaxPacketSize value from[EOL]the endpoint descriptor. An attacker can use a malicious USB descriptor[EOL]to force the allocation of a very small buffer.[EOL][EOL]Subsequently, if the device sends an interrupt packet with a specific[EOL]pattern (e.g., where the first byte is 0x80 or 0x42),[EOL]the pegasus_parse_packet() function parses the packet without checking[EOL]the allocated buffer size. This leads to an out-of-bounds memory access.
