CVE-2026-23290 - Vulnerability Details

- net: usb: pegasus: validate USB endpoints

Description

In the Linux kernel, the following vulnerability has been resolved:

net: usb: pegasus: validate USB endpoints

The pegasus driver should validate that the device it is probing has the
proper number and types of USB endpoints it is expecting before it binds
to it. If a malicious device were to not have the same urbs the driver
will crash later on when it blindly accesses these endpoints.

Published: 2026-03-25

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The Pegasus USB driver in the Linux kernel does not validate the number and types of USB endpoints before binding. A malicious or malformed device that provides fewer or different endpoints can cause the driver to later access invalid endpoints, resulting in a kernel crash. This leads to a denial of service by disrupting system availability and possibly requiring a reboot.

Affected Systems

The vulnerability impacts Linux kernels that include the Pegasus USB driver. No specific version range is provided, implying that all current kernel releases containing this driver are potentially affected. This includes mainstream distributions shipping the mainline kernel with the Pegasus driver active.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation. The vulnerability does not provide remote code execution. Based on the description, the likely attack vector is a physical or authenticated USB connection, requiring an attacker to attach a crafted device to a vulnerable host. Since the vulnerability is not listed in the CISA KEV catalog and exploits would only cause a system crash, the overall risk is limited to service disruption rather than data compromise.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< d5d9086211877361f1bda44a0aec538ddb04042a
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< af7369ae572f53cb701731a4289ec3b3889bc501
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 43d7c4114b1ec14f41f09306525d3b9382286fc1
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 7f8505c7ce3f186ef9d2495f3c0bd6ad6fce999f
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 95556b4e879711693c9865ba0938c148f62d5ea4
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< c3f1672eaea68c5cb6e1ec081cdb92045453218f
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< ee31ec8cf1eafeefa85ef934ba688d27f88bf0e2
`1da177e4c3f41524e886b7f1b8a0c1fc7321cac2`	affected	< 11de1d3ae5565ed22ef1f89d73d8f2d00322c699

Linux

affected

Version	Status	Constraints
`2.6.12`	affected	—
`0`	unaffected	< 2.6.12
`5.10.253`	unaffected	≤ 5.10.*
`5.15.203`	unaffected	≤ 5.15.*
`6.1.167`	unaffected	≤ 6.1.*
`6.6.130`	unaffected	≤ 6.6.*
`6.12.77`	unaffected	≤ 6.12.*
`6.18.17`	unaffected	≤ 6.18.*
`6.19.7`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,43d7c4114b1ec14f41f09306525d3b9382286fc1)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,7f8505c7ce3f186ef9d2495f3c0bd6ad6fce999f)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,95556b4e879711693c9865ba0938c148f62d5ea4)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,c3f1672eaea68c5cb6e1ec081cdb92045453218f)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,ee31ec8cf1eafeefa85ef934ba688d27f88bf0e2)`	affected	code_commit	—
`[1da177e4c3f41524e886b7f1b8a0c1fc7321cac2,11de1d3ae5565ed22ef1f89d73d8f2d00322c699)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[6.1.167,6.2.0)`	unaffected	semver	—
`[6.6.130,6.7.0)`	unaffected	semver	—
`[6.12.77,6.13.0)`	unaffected	semver	—
`[6.18.17,6.19.0)`	unaffected	semver	—
`[6.19.7,6.20.0)`	unaffected	semver	—
`[7.0-rc2,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a version that includes the fix for the Pegasus driver.
If a kernel update cannot be performed immediately, disable the Pegasus driver by blacklisting it or removing the module.
Enforce USB device whitelisting or use a USB firewall to restrict which devices can be connected.
Monitor kernel logs for OOPS or panic messages related to USB to detect potential exploitation attempts.

Generated by OpenCVE AI on March 26, 2026 at 14:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00032.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/11de1d3ae5565ed22ef1f89d73d8f2d00322c699
https://git.kernel.org/stable/c/43d7c4114b1ec14f41f09306525d3b9382286fc1
https://git.kernel.org/stable/c/7f8505c7ce3f186ef9d2495f3c0bd6ad6fce999f
https://git.kernel.org/stable/c/95556b4e879711693c9865ba0938c148f62d5ea4
https://git.kernel.org/stable/c/af7369ae572f53cb701731a4289ec3b3889bc501
https://git.kernel.org/stable/c/c3f1672eaea68c5cb6e1ec081cdb92045453218f
https://git.kernel.org/stable/c/d5d9086211877361f1bda44a0aec538ddb04042a
https://git.kernel.org/stable/c/ee31ec8cf1eafeefa85ef934ba688d27f88bf0e2
https://lore.kernel.org/linux-cve-announce/2026032525-CVE-2026-23290-af97@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-23290
https://www.cve.org/CVERecord?id=CVE-2026-23290

History

Sat, 18 Apr 2026 09:15:00 +0000

Type	Values Removed	Values Added
References		https://git.kernel.org/stable/c/af7369ae572f53cb701731a4289ec3b3889bc501 https://git.kernel.org/stable/c/d5d9086211877361f1bda44a0aec538ddb04042a

Thu, 26 Mar 2026 12:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-20

Thu, 26 Mar 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-909
References		https://lore.kernel.org/linux-cve-announce/2026032525-CVE-2026-23290-af97@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-23290 https://www.cve.org/CVERecord?id=CVE-2026-23290
Metrics	threat_severity `None`	cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}` threat_severity `Low`

Wed, 25 Mar 2026 22:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-20

Wed, 25 Mar 2026 10:45:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number and types of USB endpoints it is expecting before it binds to it. If a malicious device were to not have the same urbs the driver will crash later on when it blindly accesses these endpoints.
Title		net: usb: pegasus: validate USB endpoints
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/11de1d3ae5565ed22ef1f89d73d8f2d00322c699 https://git.kernel.org/stable/c/43d7c4114b1ec14f41f09306525d3b9382286fc1 https://git.kernel.org/stable/c/7f8505c7ce3f186ef9d2495f3c0bd6ad6fce999f https://git.kernel.org/stable/c/95556b4e879711693c9865ba0938c148f62d5ea4 https://git.kernel.org/stable/c/c3f1672eaea68c5cb6e1ec081cdb92045453218f https://git.kernel.org/stable/c/ee31ec8cf1eafeefa85ef934ba688d27f88bf0e2

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-03-25T10:26:48.886Z

Updated: 2026-04-18T08:57:40.813Z

Reserved: 2026-01-13T15:37:45.992Z

Link: CVE-2026-23290

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-03-25T11:16:24.043

Modified: 2026-04-18T09:16:16.877

Link: CVE-2026-23290

Redhat

Severity : Low

Publid Date: 2026-03-25T00:00:00Z

Links: CVE-2026-23290 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-27T09:50:15Z

Weaknesses

CWE-909

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object