GHSA-PWH4-8CRG-2XVF
Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-06-25 09:31
VLAI
Details
In the Linux kernel, the following vulnerability has been resolved:
thunderbolt: Reject zero-length property entries in validator
tb_property_entry_valid() accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but causes an underflow in the null-termination logic:
property->value.text[property->length * 4 - 1] = '\0';
When property->length is 0 this writes to offset -1 relative to the allocation.
Reject zero-length entries early in the validator since they have no valid representation in the XDomain property protocol.
{
"affected": [],
"aliases": [
"CVE-2026-53150"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T09:16:32Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Reject zero-length property entries in validator\n\ntb_property_entry_valid() accepts entries with length == 0 for\nDIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes\nvalidation but causes an underflow in the null-termination logic:\n\n property-\u003evalue.text[property-\u003elength * 4 - 1] = \u0027\\0\u0027;\n\nWhen property-\u003elength is 0 this writes to offset -1 relative to\nthe allocation.\n\nReject zero-length entries early in the validator since they have no\nvalid representation in the XDomain property protocol.",
"id": "GHSA-pwh4-8crg-2xvf",
"modified": "2026-06-25T09:31:19Z",
"published": "2026-06-25T09:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53150"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2e0ddac549ebd713eb9f4a15b6496e3440a17d8b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/35d6c9252a152e756768a26dbf216b9dd9dd8e92"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b6e68cb97f725385010264a873e14a3921b6b8a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/581c2053ab4dbe27e83c9e62deb4c73aa8dc0c3a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5f56bc6bddffe8710ba0ba8844023b5a44ca90e4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/99d9dbad1463afb510d42c9714f846361d1b726d"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ca11e7da4fba4b394f69e16448f4463c44c84de6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cff8eb65d1eafe7793e54b4d0cf6bf831644630b"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…