CVE-2026-53149

Summary

In the Linux kernel, the following vulnerability has been resolved:

thunderbolt: Bound root directory content to block size

__tb_property_parse_dir() does not check that content_offset + content_len fits within block_len for the root directory case. When rootdir->length equals or exceeds block_len - 2, the entry loop reads past the allocated property block.

Add a bounds check after computing content_offset and content_len to reject directories whose content extends past the block.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxcdae7c07e3e3509eaabc18c1640a55dc5b99c179 < 5c7657d38d07268124782f03519f07c22a5814fbaffected
LinuxLinuxcdae7c07e3e3509eaabc18c1640a55dc5b99c179 < b212bc161d8a9937b42153723a4a3f2f74fab528affected
LinuxLinuxcdae7c07e3e3509eaabc18c1640a55dc5b99c179 < 1912be23daf4afc8d24ce916021ab68ca4c679dbaffected
LinuxLinuxcdae7c07e3e3509eaabc18c1640a55dc5b99c179 < 4d0b1524caadb04c10a71f3f88692c63dcb39115affected
LinuxLinuxcdae7c07e3e3509eaabc18c1640a55dc5b99c179 < 0a32040a48db8cf35de48b85d6115df5623e4964affected
LinuxLinuxcdae7c07e3e3509eaabc18c1640a55dc5b99c179 < 60ba6217460792356a238299edd675d91d46bab4affected
LinuxLinuxcdae7c07e3e3509eaabc18c1640a55dc5b99c179 < cbeb68cbaa0a6f979ef428a7f2d0268c082ba166affected
LinuxLinuxcdae7c07e3e3509eaabc18c1640a55dc5b99c179 < 65423079c7420e3dbf9a7aa345c243a3f5752e5daffected
LinuxLinux4.15affected
LinuxLinux0 < 4.15unaffected
LinuxLinux5.10.259 <= 5.10.*unaffected
LinuxLinux5.15.210 <= 5.15.*unaffected
LinuxLinux6.1.176 <= 6.1.*unaffected
LinuxLinux6.6.143 <= 6.6.*unaffected
LinuxLinux6.12.94 <= 6.12.*unaffected
LinuxLinux6.18.36 <= 6.18.*unaffected
LinuxLinux7.0.13 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References