VYPR
Medium severity5.5NVD Advisory· Published May 6, 2026· Updated May 13, 2026

CVE-2026-43156

CVE-2026-43156

Description

In the Linux kernel, the following vulnerability has been resolved:

net: usb: pegasus: enable basic endpoint checking

pegasus_probe() fills URBs with hardcoded endpoint pipes without verifying the endpoint descriptors:

  • usb_rcvbulkpipe(dev, 1) for RX data
  • usb_sndbulkpipe(dev, 2) for TX data
  • usb_rcvintpipe(dev, 3) for status interrupts

A malformed USB device can present these endpoints with transfer types that differ from what the driver assumes.

Add a pegasus_usb_ep enum for endpoint numbers, replacing magic constants throughout. Add usb_check_bulk_endpoints() and usb_check_int_endpoints() calls before any resource allocation to verify endpoint types before use, rejecting devices with mismatched descriptors at probe time, and avoid triggering assertion.

Similar fix to - commit 90b7f2961798 ("net: usb: rtl8150: enable basic endpoint checking") - commit 9e7021d2aeae ("net: usb: catc: enable basic endpoint checking")

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • Linux/Kernel7 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.6.12.1,<5.10.252
    • cpe:2.3:o:linux:linux_kernel:2.6.12:-:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc2:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc3:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc4:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.12:rc5:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.