GHSA-PWH4-8CRG-2XVF

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-06-25 09:31
VLAI
Details

In the Linux kernel, the following vulnerability has been resolved:

thunderbolt: Reject zero-length property entries in validator

tb_property_entry_valid() accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but causes an underflow in the null-termination logic:

property->value.text[property->length * 4 - 1] = '\0';

When property->length is 0 this writes to offset -1 relative to the allocation.

Reject zero-length entries early in the validator since they have no valid representation in the XDomain property protocol.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-53150"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:32Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Reject zero-length property entries in validator\n\ntb_property_entry_valid() accepts entries with length == 0 for\nDIRECTORY, DATA, and TEXT types.  A zero-length TEXT entry passes\nvalidation but causes an underflow in the null-termination logic:\n\n  property-\u003evalue.text[property-\u003elength * 4 - 1] = \u0027\\0\u0027;\n\nWhen property-\u003elength is 0 this writes to offset -1 relative to\nthe allocation.\n\nReject zero-length entries early in the validator since they have no\nvalid representation in the XDomain property protocol.",
  "id": "GHSA-pwh4-8crg-2xvf",
  "modified": "2026-06-25T09:31:19Z",
  "published": "2026-06-25T09:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53150"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/2e0ddac549ebd713eb9f4a15b6496e3440a17d8b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/35d6c9252a152e756768a26dbf216b9dd9dd8e92"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/3b6e68cb97f725385010264a873e14a3921b6b8a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/581c2053ab4dbe27e83c9e62deb4c73aa8dc0c3a"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/5f56bc6bddffe8710ba0ba8844023b5a44ca90e4"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/99d9dbad1463afb510d42c9714f846361d1b726d"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/ca11e7da4fba4b394f69e16448f4463c44c84de6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/cff8eb65d1eafe7793e54b4d0cf6bf831644630b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…