{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53147", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.387Z", "datePublished": "2026-06-25T08:38:33.547Z", "dateUpdated": "2026-06-28T06:39:32.188Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-28T06:39:32.188Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Validate XDomain request packet size before type cast\n\ntb_xdp_handle_request() casts the received packet buffer to\nprotocol-specific structs without verifying that the allocation\nis large enough for the target type. A peer can send a minimal\nXDomain packet that passes the generic header length check but is\nshorter than the struct accessed after the cast, causing out-of-\nbounds reads from the kmemdup allocation.\n\nPlumb the packet length through xdomain_request_work and validate\nit against the expected struct size before each cast."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/thunderbolt/xdomain.c"], "versions": [{"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "a770e62923090d7572f1f5a8507ae551d354a057", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "0dd61ba03d05187726ecdf9c0e2175a81b9b24f6", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "79235c8add5da4bf27a12f5a5dbb579f300c059e", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "46da5c3ea011e884028a91cf913db093920a915b", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "07cd2787cdf8942d24a1a3ef81aa89b526fb6381", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "a504b9f2797b739e0304d537e8aa4ce883ecce39", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/thunderbolt/xdomain.c"], "versions": [{"version": "4.15", "status": "affected"}, {"version": "0", "lessThan": "4.15", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.176", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.143", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.94", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.36", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.13", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.1.176"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.6.143"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.12.94"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.18.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "7.0.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/a770e62923090d7572f1f5a8507ae551d354a057"}, {"url": "https://git.kernel.org/stable/c/0dd61ba03d05187726ecdf9c0e2175a81b9b24f6"}, {"url": "https://git.kernel.org/stable/c/79235c8add5da4bf27a12f5a5dbb579f300c059e"}, {"url": "https://git.kernel.org/stable/c/46da5c3ea011e884028a91cf913db093920a915b"}, {"url": "https://git.kernel.org/stable/c/07cd2787cdf8942d24a1a3ef81aa89b526fb6381"}, {"url": "https://git.kernel.org/stable/c/a504b9f2797b739e0304d537e8aa4ce883ecce39"}], "title": "thunderbolt: Validate XDomain request packet size before type cast", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: thunderbolt: Validate XDomain request packet size before type cast", "id": "2492785", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492785"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in the Linux kernel's Thunderbolt component. A remote attacker could exploit this vulnerability by sending a malformed XDomain packet. This could lead to an out-of-bounds read, potentially resulting in information disclosure or system instability."], "name": "CVE-2026-53147", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-53147\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-53147\nhttps://lore.kernel.org/linux-cve-announce/2026062546-CVE-2026-53147-9761@gregkh/T"], "threat_severity": "Moderate"}