{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53146", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.387Z", "datePublished": "2026-06-25T08:38:32.877Z", "dateUpdated": "2026-06-28T06:39:30.867Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-28T06:39:30.867Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Limit XDomain response copy to actual frame size\n\ntb_xdomain_copy() copies req->response_size bytes from the received\npacket buffer regardless of the actual frame size. When a short\nresponse arrives, this reads past the valid frame data in the DMA\npool buffer into stale contents from previous transactions.\n\nUse the minimum of frame size and expected response size for the\ncopy length."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 7.1, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/thunderbolt/xdomain.c"], "versions": [{"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "c55da494dfb445fb28df3a9d293c2be6a299cd01", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "7720654b4842bcdfeb64bc002f6186041849e1e7", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "033dfa63bf6be2653441a1dccae4a8313a91bb9d", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "fc261397295b8ad0654cec747b0ec25ea0011995", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "a15b6d3136accb2bf84b04d9a3ddd991f7fbf1cb", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "b5daa920f44cb582272fc9bfaeb67408776cbaef", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "b2c1e5d9f1598cc1a4736d5c6bd1218f90805ee4", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "4db2bd2ed4785dbadaeeab9f4e346b21ac5fb8eb", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/thunderbolt/xdomain.c"], "versions": [{"version": "4.15", "status": "affected"}, {"version": "0", "lessThan": "4.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.259", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.210", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.176", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.143", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.94", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.36", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.13", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.10.259"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.15.210"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.1.176"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.6.143"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.12.94"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.18.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "7.0.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/c55da494dfb445fb28df3a9d293c2be6a299cd01"}, {"url": "https://git.kernel.org/stable/c/7720654b4842bcdfeb64bc002f6186041849e1e7"}, {"url": "https://git.kernel.org/stable/c/033dfa63bf6be2653441a1dccae4a8313a91bb9d"}, {"url": "https://git.kernel.org/stable/c/fc261397295b8ad0654cec747b0ec25ea0011995"}, {"url": "https://git.kernel.org/stable/c/a15b6d3136accb2bf84b04d9a3ddd991f7fbf1cb"}, {"url": "https://git.kernel.org/stable/c/b5daa920f44cb582272fc9bfaeb67408776cbaef"}, {"url": "https://git.kernel.org/stable/c/b2c1e5d9f1598cc1a4736d5c6bd1218f90805ee4"}, {"url": "https://git.kernel.org/stable/c/4db2bd2ed4785dbadaeeab9f4e346b21ac5fb8eb"}], "title": "thunderbolt: Limit XDomain response copy to actual frame size", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: thunderbolt: Limit XDomain response copy to actual frame size", "id": "2492800", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492800"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "details": ["In the Linux kernel, the following vulnerability has been resolved:\nthunderbolt: Limit XDomain response copy to actual frame size\ntb_xdomain_copy() copies req->response_size bytes from the received\npacket buffer regardless of the actual frame size. When a short\nresponse arrives, this reads past the valid frame data in the DMA\npool buffer into stale contents from previous transactions.\nUse the minimum of frame size and expected response size for the\ncopy length."], "name": "CVE-2026-53146", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-53146\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-53146\nhttps://lore.kernel.org/linux-cve-announce/2026062545-CVE-2026-53146-1e8e@gregkh/T"], "threat_severity": "Moderate"}