CVE-2026-53147 - CERT CVE
ID CVE-2026-53147
Sažetak In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tb_xdp_handle_request() casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer can send a minimal XDomain packet that passes the generic header length check but is shorter than the struct accessed after the cast, causing out-of- bounds reads from the kmemdup allocation. Plumb the packet length through xdomain_request_work and validate it against the expected struct size before each cast.
Reference
CVSS
Base: 8.1
Impact: 5.2
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
ADJACENT_NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
HIGH NONE HIGH
CVSS vektor CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Zadnje važnije ažuriranje 06-07-2026 - 14:13
Objavljeno 25-06-2026 - 09:16