thunderbolt: Limit XDomain response copy to actual frame size_CVE-2026-53146

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Limit XDomain response copy to actual frame size\n\ntb_xdomain_copy() copies req->response_size bytes from the received\npacket buffer regardless of the actual frame size.  When a short\nresponse arrives, this reads past the valid frame data in the DMA\npool buffer into stale contents from previous transactions.\n\nUse the minimum of frame size and expected response size for the\ncopy length.",
    "published": "2026-06-25T08:38:32.877Z",
    "modified": "2026-06-28T06:39:30.867Z",
    "type": "cve",
    "title": "thunderbolt: Limit XDomain response copy to actual frame size",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/c55da494dfb445fb28df3a9d293c2be6a299cd01\nhttps://git.kernel.org/stable/c/7720654b4842bcdfeb64bc002f6186041849e1e7\nhttps://git.kernel.org/stable/c/033dfa63bf6be2653441a1dccae4a8313a91bb9d\nhttps://git.kernel.org/stable/c/fc261397295b8ad0654cec747b0ec25ea0011995\nhttps://git.kernel.org/stable/c/a15b6d3136accb2bf84b04d9a3ddd991f7fbf1cb\nhttps://git.kernel.org/stable/c/b5daa920f44cb582272fc9bfaeb67408776cbaef\nhttps://git.kernel.org/stable/c/b2c1e5d9f1598cc1a4736d5c6bd1218f90805ee4\nhttps://git.kernel.org/stable/c/4db2bd2ed4785dbadaeeab9f4e346b21ac5fb8eb",
    "id": "CVE-2026-53146",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179\nLinux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179\nLinux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179\nLinux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179\nLinux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179\nLinux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179\nLinux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179\nLinux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179\nLinux Linux 4.15",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179",
    "vendor": "Linux",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}