CVE-2026-53150

thunderbolt: Reject zero-length property entries in validator

Assigner: Linux
Reserved: 09.06.2026 Published: 25.06.2026 Updated: 25.06.2026

In the Linux kernel, the following vulnerability has been resolved:

thunderbolt: Reject zero-length property entries in validator

tb_property_entry_valid() accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but causes an underflow in the null-termination logic:

property->value.text[property->length * 4 - 1] = '\0';

When property->length is 0 this writes to offset -1 relative to the allocation.

Reject zero-length entries early in the validator since they have no valid representation in the XDomain property protocol.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to 581c2053ab4dbe27e83c9e62deb4c73aa8dc0c3a (excl.) affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to 35d6c9252a152e756768a26dbf216b9dd9dd8e92 (excl.) affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to 99d9dbad1463afb510d42c9714f846361d1b726d (excl.) affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to 5f56bc6bddffe8710ba0ba8844023b5a44ca90e4 (excl.) affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to ca11e7da4fba4b394f69e16448f4463c44c84de6 (excl.) affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to 2e0ddac549ebd713eb9f4a15b6496e3440a17d8b (excl.) affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to 3b6e68cb97f725385010264a873e14a3921b6b8a (excl.) affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to cff8eb65d1eafe7793e54b4d0cf6bf831644630b (excl.)

Vendor

Linux

Product

Linux

Versions

Default: unaffected

affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to 581c2053ab4dbe27e83c9e62deb4c73aa8dc0c3a (excl.)
affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to 35d6c9252a152e756768a26dbf216b9dd9dd8e92 (excl.)
affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to 99d9dbad1463afb510d42c9714f846361d1b726d (excl.)
affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to 5f56bc6bddffe8710ba0ba8844023b5a44ca90e4 (excl.)
affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to ca11e7da4fba4b394f69e16448f4463c44c84de6 (excl.)
affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to 2e0ddac549ebd713eb9f4a15b6496e3440a17d8b (excl.)
affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to 3b6e68cb97f725385010264a873e14a3921b6b8a (excl.)
affected from cdae7c07e3e3509eaabc18c1640a55dc5b99c179 to cff8eb65d1eafe7793e54b4d0cf6bf831644630b (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 4.15 is affected unaffected from 0 to 4.15 (excl.) unaffected from 5.10.259 to 5.10.* (incl.) unaffected from 5.15.210 to 5.15.* (incl.) unaffected from 6.1.176 to 6.1.* (incl.) unaffected from 6.6.143 to 6.6.* (incl.) unaffected from 6.12.94 to 6.12.* (incl.) unaffected from 6.18.36 to 6.18.* (incl.) unaffected from 7.0.13 to 7.0.* (incl.) unaffected from 7.1 to * (incl.)

Vendor

Linux

Product

Linux

Versions

Default: affected

Version 4.15 is affected
unaffected from 0 to 4.15 (excl.)
unaffected from 5.10.259 to 5.10.* (incl.)
unaffected from 5.15.210 to 5.15.* (incl.)
unaffected from 6.1.176 to 6.1.* (incl.)
unaffected from 6.6.143 to 6.6.* (incl.)
unaffected from 6.12.94 to 6.12.* (incl.)
unaffected from 6.18.36 to 6.18.* (incl.)
unaffected from 7.0.13 to 7.0.* (incl.)
unaffected from 7.1 to * (incl.)

References

CVE-2026-53150 PUBLISHED

thunderbolt: Reject zero-length property entries in validator

Product Status

References