CVE-2026-53147

Source
https://cve.org/CVERecord?id=CVE-2026-53147
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53147.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53147
Downstream
Related
Published
2026-06-25T08:38:33.547Z
Modified
2026-07-08T08:09:45.616617620Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
thunderbolt: Validate XDomain request packet size before type cast
Details

In the Linux kernel, the following vulnerability has been resolved:

thunderbolt: Validate XDomain request packet size before type cast

tbxdphandle_request() casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer can send a minimal XDomain packet that passes the generic header length check but is shorter than the struct accessed after the cast, causing out-of- bounds reads from the kmemdup allocation.

Plumb the packet length through xdomainrequestwork and validate it against the expected struct size before each cast.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53147.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
cdae7c07e3e3509eaabc18c1640a55dc5b99c179
Fixed
a770e62923090d7572f1f5a8507ae551d354a057
Fixed
0dd61ba03d05187726ecdf9c0e2175a81b9b24f6
Fixed
79235c8add5da4bf27a12f5a5dbb579f300c059e
Fixed
46da5c3ea011e884028a91cf913db093920a915b
Fixed
07cd2787cdf8942d24a1a3ef81aa89b526fb6381
Fixed
a504b9f2797b739e0304d537e8aa4ce883ecce39

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53147.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
4.15.0
Fixed
6.1.176
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.143
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.94
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53147.json"