CVE-2026-53150
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved:
thunderbolt: Reject zero-length property entries in validator
tb_property_entry_valid() accepts entries with length == 0 for
DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes
validation but causes an underflow in the null-termination logic:
property->value.text[property->length * 4 - 1] = '\0';
When property->length is 0 this writes to offset -1 relative to
the allocation.
Reject zero-length entries early in the validator since they have no
valid representation in the XDomain property protocol.
thunderbolt: Reject zero-length property entries in validator
tb_property_entry_valid() accepts entries with length == 0 for
DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes
validation but causes an underflow in the null-termination logic:
property->value.text[property->length * 4 - 1] = '\0';
When property->length is 0 this writes to offset -1 relative to
the allocation.
Reject zero-length entries early in the validator since they have no
valid representation in the XDomain property protocol.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Vendor
Linux
Product
Linux
External References
- https://git.kernel.org/stable/c/2e0ddac549ebd713eb9f4a15b6496e3440a17d8b
- https://git.kernel.org/stable/c/35d6c9252a152e756768a26dbf216b9dd9dd8e92
- https://git.kernel.org/stable/c/3b6e68cb97f725385010264a873e14a3921b6b8a
- https://git.kernel.org/stable/c/581c2053ab4dbe27e83c9e62deb4c73aa8dc0c3a
- https://git.kernel.org/stable/c/5f56bc6bddffe8710ba0ba8844023b5a44ca90e4
- https://git.kernel.org/stable/c/99d9dbad1463afb510d42c9714f846361d1b726d
- https://git.kernel.org/stable/c/ca11e7da4fba4b394f69e16448f4463c44c84de6
- https://git.kernel.org/stable/c/cff8eb65d1eafe7793e54b4d0cf6bf831644630b
Discussion (0)
Add Comment
No comments yet. Be the first!