{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-43156", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-05-01T14:12:55.989Z", "datePublished": "2026-05-06T11:27:36.491Z", "dateUpdated": "2026-05-06T11:27:36.491Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-06T11:27:36.491Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: pegasus: enable basic endpoint checking\n\npegasus_probe() fills URBs with hardcoded endpoint pipes without\nverifying the endpoint descriptors:\n\n - usb_rcvbulkpipe(dev, 1) for RX data\n - usb_sndbulkpipe(dev, 2) for TX data\n - usb_rcvintpipe(dev, 3) for status interrupts\n\nA malformed USB device can present these endpoints with transfer types\nthat differ from what the driver assumes.\n\nAdd a pegasus_usb_ep enum for endpoint numbers, replacing magic\nconstants throughout. Add usb_check_bulk_endpoints() and\nusb_check_int_endpoints() calls before any resource allocation to\nverify endpoint types before use, rejecting devices with mismatched\ndescriptors at probe time, and avoid triggering assertion.\n\nSimilar fix to\n- commit 90b7f2961798 (\"net: usb: rtl8150: enable basic endpoint checking\")\n- commit 9e7021d2aeae (\"net: usb: catc: enable basic endpoint checking\")"}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/pegasus.c"], "versions": [{"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "a3e64e950a3981a8199de9798f6d21261b959171", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "229dc9b9db475ac900182bafe258943e0e054c6d", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "26b3ec62fa1a94ac801feca47f040fc729b3c174", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "35854ed5c40b02f95824e44398f9d2ba33727203", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "67ba6b13dbcaf45681fb6758794c5ac5fa589a6c", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "d2e7c898cc02dfe42443489a67a45ed616cb76e9", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "2705709f6574a088aab246af72fc95f2fea51484", "status": "affected", "versionType": "git"}, {"version": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", "lessThan": "3d7e6ce34f4fcc7083510c28b17a7c36462a25d4", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/usb/pegasus.c"], "versions": [{"version": "2.6.12", "status": "affected"}, {"version": "0", "lessThan": "2.6.12", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.252", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.202", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.165", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.128", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.75", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.16", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.19.6", "lessThanOrEqual": "6.19.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.10.252"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "5.15.202"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.1.165"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.6.128"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.12.75"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.18.16"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "6.19.6"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "2.6.12", "versionEndExcluding": "7.0"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a3e64e950a3981a8199de9798f6d21261b959171"}, {"url": "https://git.kernel.org/stable/c/229dc9b9db475ac900182bafe258943e0e054c6d"}, {"url": "https://git.kernel.org/stable/c/26b3ec62fa1a94ac801feca47f040fc729b3c174"}, {"url": "https://git.kernel.org/stable/c/35854ed5c40b02f95824e44398f9d2ba33727203"}, {"url": "https://git.kernel.org/stable/c/67ba6b13dbcaf45681fb6758794c5ac5fa589a6c"}, {"url": "https://git.kernel.org/stable/c/d2e7c898cc02dfe42443489a67a45ed616cb76e9"}, {"url": "https://git.kernel.org/stable/c/2705709f6574a088aab246af72fc95f2fea51484"}, {"url": "https://git.kernel.org/stable/c/3d7e6ce34f4fcc7083510c28b17a7c36462a25d4"}], "title": "net: usb: pegasus: enable basic endpoint checking", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: pegasus: enable basic endpoint checking\n\npegasus_probe() fills URBs with hardcoded endpoint pipes without\nverifying the endpoint descriptors:\n\n - usb_rcvbulkpipe(dev, 1) for RX data\n - usb_sndbulkpipe(dev, 2) for TX data\n - usb_rcvintpipe(dev, 3) for status interrupts\n\nA malformed USB device can present these endpoints with transfer types\nthat differ from what the driver assumes.\n\nAdd a pegasus_usb_ep enum for endpoint numbers, replacing magic\nconstants throughout. Add usb_check_bulk_endpoints() and\nusb_check_int_endpoints() calls before any resource allocation to\nverify endpoint types before use, rejecting devices with mismatched\ndescriptors at probe time, and avoid triggering assertion.\n\nSimilar fix to\n- commit 90b7f2961798 (\"net: usb: rtl8150: enable basic endpoint checking\")\n- commit 9e7021d2aeae (\"net: usb: catc: enable basic endpoint checking\")"}], "id": "CVE-2026-43156", "lastModified": "2026-05-06T13:07:51.607", "metrics": {}, "published": "2026-05-06T12:16:33.427", "references": [{"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/229dc9b9db475ac900182bafe258943e0e054c6d"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/26b3ec62fa1a94ac801feca47f040fc729b3c174"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/2705709f6574a088aab246af72fc95f2fea51484"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/35854ed5c40b02f95824e44398f9d2ba33727203"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/3d7e6ce34f4fcc7083510c28b17a7c36462a25d4"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/67ba6b13dbcaf45681fb6758794c5ac5fa589a6c"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/a3e64e950a3981a8199de9798f6d21261b959171"}, {"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "url": "https://git.kernel.org/stable/c/d2e7c898cc02dfe42443489a67a45ed616cb76e9"}], "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "vulnStatus": "Awaiting Analysis"}

{}

{"created": "2026-05-06T13:45:04.296884+00:00", "title": "USB Pegasus Driver Misvalidated Endpoints Allow Malformed Devices", "updated": "2026-05-06T13:45:04.296898+00:00", "vendors": [], "weaknesses": ["CWE-20"]}