CVE-2025-68217
- Source
- https://cve.org/CVERecord?id=CVE-2025-68217
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68217.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-68217
- Downstream
- Related
- Published
- 2025-12-16T13:57:12.011Z
- Modified
- 2026-03-13T04:04:00.136216Z
- Summary
- Input: pegasus-notetaker - fix potential out-of-bounds access
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
Input: pegasus-notetaker - fix potential out-of-bounds access
In the pegasusnotetaker driver, the pegasusprobe() function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint descriptor. An attacker can use a malicious USB descriptor to force the allocation of a very small buffer.
Subsequently, if the device sends an interrupt packet with a specific pattern (e.g., where the first byte is 0x80 or 0x42), the pegasusparsepacket() function parses the packet without checking the allocated buffer size. This leads to an out-of-bounds memory access.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68217.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/015b719962696b793997e8deefac019f816aca77
- https://git.kernel.org/stable/c/084264e10e2ae8938a54355123ad977eb9df56d6
- https://git.kernel.org/stable/c/36bc92b838ff72f62f2c17751a9013b29ead2513
- https://git.kernel.org/stable/c/69aeb507312306f73495598a055293fa749d454e
- https://git.kernel.org/stable/c/763c3f4d2394a697d14af1335d3bb42f05c9409f
- https://git.kernel.org/stable/c/9ab67eff6d654e34ba6da07c64761aa87c2a3c26
- https://git.kernel.org/stable/c/c4e746651bd74c38f581e1cf31651119a94de8cd
- https://git.kernel.org/stable/c/d344ea1baf1946c90f0cd6f9daeb5f3e0a0ca479
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68217.json
- https://nvd.nist.gov/vuln/detail/CVE-2025-68217
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced1afca2b66aac7ac262d3511c68725e9e7053b40fFixedc4e746651bd74c38f581e1cf31651119a94de8cdFixed36bc92b838ff72f62f2c17751a9013b29ead2513Fixed015b719962696b793997e8deefac019f816aca77Fixed084264e10e2ae8938a54355123ad977eb9df56d6Fixedd344ea1baf1946c90f0cd6f9daeb5f3e0a0ca479Fixed9ab67eff6d654e34ba6da07c64761aa87c2a3c26Fixed763c3f4d2394a697d14af1335d3bb42f05c9409fFixed69aeb507312306f73495598a055293fa749d454e
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced4.8.0Fixed5.4.302
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.247
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.197
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.159
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.118
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.60
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.17.10