CVE-2026-53150
Received Received - Intake
Thunderbolt Zero-Length Property Entry Validation Flaw

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Reject zero-length property entries in validator tb_property_entry_valid() accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but causes an underflow in the null-termination logic: property->value.text[property->length * 4 - 1] = '\0'; When property->length is 0 this writes to offset -1 relative to the allocation. Reject zero-length entries early in the validator since they have no valid representation in the XDomain property protocol.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-25
Last Modified
2026-06-25
Generated
2026-06-25
AI Q&A
2026-06-25
EPSS Evaluated
N/A
NVD
CVE-2026-53150
EUVD
EUVD-2026-39241
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's Thunderbolt subsystem where the function tb_property_entry_valid() incorrectly accepts property entries with a length of zero for certain types (DIRECTORY, DATA, and TEXT). Specifically, a zero-length TEXT entry passes validation but leads to an underflow in the null-termination logic, causing the code to write to an invalid memory location (offset -1 relative to the allocation). This happens because the code attempts to set a null terminator at a position calculated as property->length * 4 - 1, which is invalid when length is zero.

The fix involves rejecting zero-length entries early in the validation process since such entries have no valid representation in the XDomain property protocol.

Impact Analysis

This vulnerability can lead to memory corruption due to an out-of-bounds write caused by the underflow in the null-termination logic when processing zero-length TEXT property entries. Such memory corruption could potentially be exploited to cause system instability, crashes, or even arbitrary code execution depending on the context and attacker capabilities.

Mitigation Strategies

The vulnerability is resolved by rejecting zero-length property entries in the Thunderbolt validator within the Linux kernel. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.

Since the issue involves the tb_property_entry_valid() function accepting zero-length entries that cause an underflow, ensuring your system runs the patched kernel version will prevent exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53150. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart