CVE-2026-53150
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
In the Linux kernel, the Thunderbolt driver's validator accepts property entries with zero length, causing a buffer underflow when null-terminating the text. This can lead to out-of-bounds memory write.
Risk Assessment
An attacker could exploit this vulnerability to gain unauthorized access to kernel memory, potentially leading to privilege escalation or system instability.
Recommendation
Immediately update the Linux kernel to a version that includes the fix rejecting zero-length entries in the Thunderbolt property validator.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Reject zero-length property entries in validator tb_property_entry_valid() accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but causes an underflow in the null-termination logic: property->value.text[property->length * 4 - 1] = '\0'; When property->length is 0 this writes to offset -1 relative to the allocation. Reject zero-length entries early in the validator since they have no valid representation in the XDomain property protocol.

