CVE-2026-53150
Analyzed Analyzed - Analysis Complete

Thunderbolt Zero-Length Property Entry Validation Flaw

Vulnerability report for CVE-2026-53150, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-07-06

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Reject zero-length property entries in validator tb_property_entry_valid() accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but causes an underflow in the null-termination logic: property->value.text[property->length * 4 - 1] = '\0'; When property->length is 0 this writes to offset -1 relative to the allocation. Reject zero-length entries early in the validator since they have no valid representation in the XDomain property protocol.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-07-06
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 14 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 5.16 (inc) to 6.1.176 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.143 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.210 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.36 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.94 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.13 (exc)
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 4.15 (inc) to 5.10.259 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-191 The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's Thunderbolt subsystem where the function tb_property_entry_valid() incorrectly accepts property entries with a length of zero for certain types (DIRECTORY, DATA, and TEXT). Specifically, a zero-length TEXT entry passes validation but leads to an underflow in the null-termination logic, causing the code to write to an invalid memory location (offset -1 relative to the allocation). This happens because the code attempts to set a null terminator at a position calculated as property->length * 4 - 1, which is invalid when length is zero.

The fix involves rejecting zero-length entries early in the validation process since such entries have no valid representation in the XDomain property protocol.

Impact Analysis

This vulnerability can lead to memory corruption due to an out-of-bounds write caused by the underflow in the null-termination logic when processing zero-length TEXT property entries. Such memory corruption could potentially be exploited to cause system instability, crashes, or even arbitrary code execution depending on the context and attacker capabilities.

Mitigation Strategies

The vulnerability is resolved by rejecting zero-length property entries in the Thunderbolt validator within the Linux kernel. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

Since the issue involves the tb_property_entry_valid() function accepting zero-length entries that cause an underflow, ensuring your system runs the patched kernel version will prevent exploitation.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53150. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart