CVE Catalog

CVE-2026-53150

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

In the Linux kernel, the Thunderbolt driver's validator accepts property entries with zero length, causing a buffer underflow when null-terminating the text. This can lead to out-of-bounds memory write.

Risk Assessment

An attacker could exploit this vulnerability to gain unauthorized access to kernel memory, potentially leading to privilege escalation or system instability.

Recommendation

Immediately update the Linux kernel to a version that includes the fix rejecting zero-length entries in the Thunderbolt property validator.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Reject zero-length property entries in validator tb_property_entry_valid() accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but causes an underflow in the null-termination logic: property->value.text[property->length * 4 - 1] = '\0'; When property->length is 0 this writes to offset -1 relative to the allocation. Reject zero-length entries early in the validator since they have no valid representation in the XDomain property protocol.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS