8.1
/ 10
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Description
In the Linux kernel, the following vulnerability has been resolved:
thunderbolt: Validate XDomain request packet size before type cast
tb_xdp_handle_request() casts the received packet buffer to
protocol-specific structs without verifying that the allocation
is large enough for the target type. A peer can send a minimal
XDomain packet that passes the generic header length check but is
shorter than the struct accessed after the cast, causing out-of-
bounds reads from the kmemdup allocation.
Plumb the packet length through xdomain_request_work and validate
it against the expected struct size before each cast.
thunderbolt: Validate XDomain request packet size before type cast
tb_xdp_handle_request() casts the received packet buffer to
protocol-specific structs without verifying that the allocation
is large enough for the target type. A peer can send a minimal
XDomain packet that passes the generic header length check but is
shorter than the struct accessed after the cast, causing out-of-
bounds reads from the kmemdup allocation.
Plumb the packet length through xdomain_request_work and validate
it against the expected struct size before each cast.
Basic Information
ID
CVE-2026-53147
Source
Linux
Published
Jun 25, 2026 at 08:38
Modified
Jun 28, 2026 at 06:39
Affected Product
Vendor
Linux
Product
Linux
Version
cdae7c07e3e3509eaabc18c1640a55dc5b99c179
Affected Versions
Linux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179
Linux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179
Linux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179
Linux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179
Linux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179
Linux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179
Linux Linux 4.15
Linux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179
Linux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179
Linux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179
Linux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179
Linux Linux cdae7c07e3e3509eaabc18c1640a55dc5b99c179
Linux Linux 4.15
References
- git.kernel.org /stable/c/a770e62923090d7572f1f5a8507ae551d354a057
- git.kernel.org /stable/c/0dd61ba03d05187726ecdf9c0e2175a81b9b24f6
- git.kernel.org /stable/c/79235c8add5da4bf27a12f5a5dbb579f300c059e
- git.kernel.org /stable/c/46da5c3ea011e884028a91cf913db093920a915b
- git.kernel.org /stable/c/07cd2787cdf8942d24a1a3ef81aa89b526fb6381
- git.kernel.org /stable/c/a504b9f2797b739e0304d537e8aa4ce883ecce39