CVE-2025-68217
Input: pegasus-notetaker - fix potential out-of-bounds access
Description
In the Linux kernel, the following vulnerability has been resolved:

Input: pegasus-notetaker - fix potential out-of-bounds access

In the pegasus_notetaker driver, the pegasus_probe() function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint descriptor. An attacker can use a malicious USB descriptor to force the allocation of a very small buffer.

Subsequently, if the device sends an interrupt packet with a specific pattern (e.g., where the first byte is 0x80 or 0x42), the pegasus_parse_packet() function parses the packet without checking the allocated buffer size. This leads to an out-of-bounds memory access.
INFO
Published Date: Dec. 16, 2025, 2:15 p.m.
Last Modified: Dec. 16, 2025, 2:15 p.m.
Remotely Exploitable: No
Source: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Solution
- Update the Linux kernel.
- Apply the patch for pegasus_notetaker driver.
- Ensure proper buffer size checks.
- Validate USB descriptor sizes.
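The two checks named in the list above (validate the descriptor size at probe time, bound every read at parse time), as a user-space C model added here; it is not the kernel patch or the driver's code. The packet layout, the `MODEL_*` constants and the `model_*` functions are assumptions made for illustration; only the first-byte values 0x80 and 0x42 come from the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Assumed layout for this model only (not taken from the driver source):
 * byte 0 = type, byte 1 = flag, bytes 2-3 = x (LE), bytes 4-5 = y (LE). */
#define MODEL_PKT_LEN  6
#define MODEL_TYPE_CMD 0x80 /* first-byte values named in the description */
#define MODEL_TYPE_PEN 0x42

struct model_event { int type, flag, x, y; };

/* Probe-time check: reject an endpoint whose wMaxPacketSize cannot hold
 * the largest packet the parser reads. Returns 0 if acceptable. */
int model_check_endpoint(uint16_t w_max_packet_size)
{
    return w_max_packet_size >= MODEL_PKT_LEN ? 0 : -1;
}

/* Parse-time check: each read is bounded by the allocated buffer length.
 * Returns 0 on success, -1 on a short or unknown packet. */
int model_parse_packet(const uint8_t *buf, size_t len, struct model_event *ev)
{
    if (len < 2) /* both known packet types read buf[0] and buf[1] */
        return -1;
    ev->type = buf[0];
    ev->flag = buf[1];
    ev->x = ev->y = 0;
    switch (buf[0]) {
    case MODEL_TYPE_CMD:
        return 0;
    case MODEL_TYPE_PEN:
        if (len < MODEL_PKT_LEN)
            return -1;
        ev->x = (uint16_t)(buf[2] | (buf[3] << 8));
        ev->y = (uint16_t)(buf[4] | (buf[5] << 8));
        return 0;
    default:
        return -1;
    }
}

int main(void)
{
    /* Constructed sample: a 1-byte buffer, as a tiny wMaxPacketSize yields. */
    const uint8_t tiny[1] = { MODEL_TYPE_PEN };
    struct model_event ev;
    printf("endpoint ok=%d parse ok=%d\n", model_check_endpoint(1) == 0,
           model_parse_packet(tiny, sizeof(tiny), &ev) == 0);
    return 0;
}
```

Either check alone stops the over-read in this model; doing both means a later change to the parser cannot silently reintroduce it.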
The following table lists the changes that have been made to the
CVE-2025-68217 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67 (Dec. 16, 2025)

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | Description | | In the Linux kernel, the following vulnerability has been resolved: Input: pegasus-notetaker - fix potential out-of-bounds access In the pegasus_notetaker driver, the pegasus_probe() function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint descriptor. An attacker can use a malicious USB descriptor to force the allocation of a very small buffer. Subsequently, if the device sends an interrupt packet with a specific pattern (e.g., where the first byte is 0x80 or 0x42), the pegasus_parse_packet() function parses the packet without checking the allocated buffer size. This leads to an out-of-bounds memory access. |
| Added | Reference | | https://git.kernel.org/stable/c/015b719962696b793997e8deefac019f816aca77 |
| Added | Reference | | https://git.kernel.org/stable/c/084264e10e2ae8938a54355123ad977eb9df56d6 |
| Added | Reference | | https://git.kernel.org/stable/c/36bc92b838ff72f62f2c17751a9013b29ead2513 |
| Added | Reference | | https://git.kernel.org/stable/c/69aeb507312306f73495598a055293fa749d454e |
| Added | Reference | | https://git.kernel.org/stable/c/763c3f4d2394a697d14af1335d3bb42f05c9409f |
| Added | Reference | | https://git.kernel.org/stable/c/9ab67eff6d654e34ba6da07c64761aa87c2a3c26 |
| Added | Reference | | https://git.kernel.org/stable/c/c4e746651bd74c38f581e1cf31651119a94de8cd |
| Added | Reference | | https://git.kernel.org/stable/c/d344ea1baf1946c90f0cd6f9daeb5f3e0a0ca479 |