CVE-2026-53146
Status: Received - Intake
Thunderbolt XDomain Response Size Validation Flaw

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

thunderbolt: Limit XDomain response copy to actual frame size

tb_xdomain_copy() copies req->response_size bytes from the received packet buffer regardless of the actual frame size. When a short response arrives, this reads past the valid frame data in the DMA pool buffer into stale contents from previous transactions. Use the minimum of frame size and expected response size for the copy length.
Meta Information
Published: 2026-06-25
Last Modified: 2026-06-25
Generated: 2026-06-25
AI Q&A: 2026-06-25
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: linux
Product: linux_kernel
Version / Range: * (all versions)
Exploitability
CWE ID: CWE-UNKNOWN
KEV: not listed
Executive Summary

This vulnerability exists in the Linux kernel's Thunderbolt subsystem. The function tb_xdomain_copy() copies a number of bytes equal to the expected response size (req->response_size) from a received packet buffer without checking the actual size of the frame that arrived. If a shorter response is received, the copy reads beyond the valid frame data into stale, leftover bytes from previous transactions that still sit in the reused DMA pool buffer.

The fix involves limiting the copy operation to the minimum of the actual frame size and the expected response size, preventing reading beyond the valid data.
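The following is an added illustration of the defect described in the commit message and the executive summary above; it is a constructed model, not the kernel's thunderbolt code, and every name in it (model_frame, model_request, copy_response_unbounded, copy_response_bounded, the 64-byte pool size and the fill bytes) is hypothetical. It reuses one buffer across two transactions the way a DMA pool buffer is reused, then shows how a copy bounded by the caller's expected size picks up the earlier transaction's bytes, while a copy bounded by min(frame size, expected size) does not.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed model of the bug pattern, not the kernel's thunderbolt code.
 * The struct and function names below are hypothetical stand-ins. */
#define POOL_BUF_SIZE 64   /* assumed size of one reused DMA pool buffer */

/* A received frame living in a pool buffer that is reused across
 * transactions and is never cleared between them. */
struct model_frame {
    uint8_t data[POOL_BUF_SIZE];
    size_t size;            /* bytes the hardware actually delivered */
};

/* The caller's request: where to put the response and how much it expects. */
struct model_request {
    uint8_t *response;
    size_t response_size;
};

/* Simulate a frame landing in the reused buffer: only the first `len`
 * bytes are overwritten, so a short frame leaves older bytes behind it. */
static void model_receive(struct model_frame *f, uint8_t fill, size_t len)
{
    if (len > POOL_BUF_SIZE)
        len = POOL_BUF_SIZE;
    memset(f->data, fill, len);
    f->size = len;
}

/* Vulnerable pattern from the advisory: the copy length is the caller's
 * expected size, so a short frame makes it read stale bytes past f->size. */
static size_t copy_response_unbounded(const struct model_frame *f,
                                      struct model_request *req)
{
    memcpy(req->response, f->data, req->response_size);
    return req->response_size;
}

/* Fixed pattern: copy min(frame size, expected size). Returning the real
 * count is a choice of this model so the caller can notice a short frame. */
static size_t copy_response_bounded(const struct model_frame *f,
                                    struct model_request *req)
{
    size_t n = f->size < req->response_size ? f->size : req->response_size;
    memcpy(req->response, f->data, n);
    return n;
}

#define STALE_FILL 0xAA        /* marks bytes from the earlier transaction */
#define FRESH_FILL 0x11        /* marks bytes of the current short frame */
#define EXPECTED_RESPONSE 32
#define SHORT_FRAME 8

/* Run two transactions through one pool buffer: a full 32-byte response,
 * then an 8-byte short one while the caller still expects 32 bytes.
 * Copies the second response into `out` (at least EXPECTED_RESPONSE bytes)
 * and returns the number of bytes copied. */
size_t run_transaction(int use_fix, uint8_t *out)
{
    struct model_frame frame;
    struct model_request req = { out, EXPECTED_RESPONSE };

    memset(frame.data, 0, sizeof(frame.data));
    model_receive(&frame, STALE_FILL, EXPECTED_RESPONSE); /* earlier transaction */
    model_receive(&frame, FRESH_FILL, SHORT_FRAME);       /* short response now */

    return use_fix ? copy_response_bounded(&frame, &req)
                   : copy_response_unbounded(&frame, &req);
}

/* Count how many of the copied bytes belong to the earlier transaction. */
int count_stale(const uint8_t *buf, size_t n)
{
    int stale = 0;
    for (size_t i = 0; i < n; i++)
        if (buf[i] == STALE_FILL)
            stale++;
    return stale;
}

int main(void)
{
    uint8_t out[EXPECTED_RESPONSE];
    size_t n;

    n = run_transaction(0, out);
    printf("unbounded copy: %zu bytes, %d stale\n", n, count_stale(out, n));
    n = run_transaction(1, out);
    printf("bounded copy:   %zu bytes, %d stale\n", n, count_stale(out, n));
    return 0;
}
```

In the model the over-read stays inside the pool buffer, which is exactly the condition the commit message describes: the bytes are not out of bounds of the allocation, they are simply from a previous transaction, so tools that check allocation bounds will not flag it. Bounding the copy by the frame size removes the stale bytes; a caller that also compares the returned length with what it expected can additionally reject a short response instead of trusting a partially filled buffer.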

Impact Analysis

This vulnerability can lead to reading stale or unintended data from memory buffers, which may cause information leakage or data corruption. Accessing data beyond the valid frame size can expose sensitive information from previous transactions or cause instability in the system.
