{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-68217","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2025-12-16T13:41:40.256Z","datePublished":"2025-12-16T13:57:12.011Z","dateUpdated":"2026-05-11T21:48:59.173Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:48:59.173Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nInput: pegasus-notetaker - fix potential out-of-bounds access\n\nIn the pegasus_notetaker driver, the pegasus_probe() function allocates\nthe URB transfer buffer using the wMaxPacketSize value from\nthe endpoint descriptor. An attacker can use a malicious USB descriptor\nto force the allocation of a very small buffer.\n\nSubsequently, if the device sends an interrupt packet with a specific\npattern (e.g., where the first byte is 0x80 or 0x42),\nthe pegasus_parse_packet() function parses the packet without checking\nthe allocated buffer size. This leads to an out-of-bounds memory access."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/input/tablet/pegasus_notetaker.c"],"versions":[{"version":"1afca2b66aac7ac262d3511c68725e9e7053b40f","lessThan":"c4e746651bd74c38f581e1cf31651119a94de8cd","status":"affected","versionType":"git"},{"version":"1afca2b66aac7ac262d3511c68725e9e7053b40f","lessThan":"36bc92b838ff72f62f2c17751a9013b29ead2513","status":"affected","versionType":"git"},{"version":"1afca2b66aac7ac262d3511c68725e9e7053b40f","lessThan":"015b719962696b793997e8deefac019f816aca77","status":"affected","versionType":"git"},{"version":"1afca2b66aac7ac262d3511c68725e9e7053b40f","lessThan":"084264e10e2ae8938a54355123ad977eb9df56d6","status":"affected","versionType":"git"},{"version":"1afca2b66aac7ac262d3511c68725e9e7053b40f","lessThan":"d344ea1baf1946c90f0cd6f9daeb5f3e0a0ca479","status":"affected","versionType":"git"},{"version":"1afca2b66aac7ac262d3511c68725e9e7053b40f","lessThan":"9ab67eff6d654e34ba6da07c64761aa87c2a3c26","status":"affected","versionType":"git"},{"version":"1afca2b66aac7ac262d3511c68725e9e7053b40f","lessThan":"763c3f4d2394a697d14af1335d3bb42f05c9409f","status":"affected","versionType":"git"},{"version":"1afca2b66aac7ac262d3511c68725e9e7053b40f","lessThan":"69aeb507312306f73495598a055293fa749d454e","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/input/tablet/pegasus_notetaker.c"],"versions":[{"version":"4.8","status":"affected"},{"version":"0","lessThan":"4.8","status":"unaffected","versionType":"semver"},{"version":"5.4.302","lessThanOrEqual":"5.4.*","status":"unaffected","versionType":"semver"},{"version":"5.10.247","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.197","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.159","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.118","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.60","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.17.10","lessThanOrEqual":"6.17.*","status":"unaffected","versionType":"semver"},{"version":"6.18","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.4.302"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.10.247"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"5.15.197"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.1.159"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.6.118"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.12.60"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.17.10"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"4.8","versionEndExcluding":"6.18"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/c4e746651bd74c38f581e1cf31651119a94de8cd"},{"url":"https://git.kernel.org/stable/c/36bc92b838ff72f62f2c17751a9013b29ead2513"},{"url":"https://git.kernel.org/stable/c/015b719962696b793997e8deefac019f816aca77"},{"url":"https://git.kernel.org/stable/c/084264e10e2ae8938a54355123ad977eb9df56d6"},{"url":"https://git.kernel.org/stable/c/d344ea1baf1946c90f0cd6f9daeb5f3e0a0ca479"},{"url":"https://git.kernel.org/stable/c/9ab67eff6d654e34ba6da07c64761aa87c2a3c26"},{"url":"https://git.kernel.org/stable/c/763c3f4d2394a697d14af1335d3bb42f05c9409f"},{"url":"https://git.kernel.org/stable/c/69aeb507312306f73495598a055293fa749d454e"}],"title":"Input: pegasus-notetaker - fix potential out-of-bounds access","x_generator":{"engine":"bippy-1.2.0"}}}}