thunderbolt: Reject zero-length property entries in validator

Summary

CVE	CVE-2026-53150
State	PUBLISHED
Assigner	Linux
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-06-25 09:16:32 UTC
Updated	2026-06-25 09:16:32 UTC
Description	In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Reject zero-length property entries in validator tb_property_entry_valid() accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes validation but causes an underflow in the null-termination logic: property->value.text[property->length * 4 - 1] = '\0'; When property->length is 0 this writes to offset -1 relative to the allocation. Reject zero-length entries early in the validator since they have no valid representation in the XDomain property protocol.

Risk And Classification

EPSS: 0.001840000 probability, percentile 0.082010000 (date 2026-06-26)

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Linux	Linux	affected cdae7c07e3e3509eaabc18c1640a55dc5b99c179 581c2053ab4dbe27e83c9e62deb4c73aa8dc0c3a git	Not specified
CNA	Linux	Linux	affected cdae7c07e3e3509eaabc18c1640a55dc5b99c179 35d6c9252a152e756768a26dbf216b9dd9dd8e92 git	Not specified
CNA	Linux	Linux	affected cdae7c07e3e3509eaabc18c1640a55dc5b99c179 99d9dbad1463afb510d42c9714f846361d1b726d git	Not specified
CNA	Linux	Linux	affected cdae7c07e3e3509eaabc18c1640a55dc5b99c179 5f56bc6bddffe8710ba0ba8844023b5a44ca90e4 git	Not specified
CNA	Linux	Linux	affected cdae7c07e3e3509eaabc18c1640a55dc5b99c179 ca11e7da4fba4b394f69e16448f4463c44c84de6 git	Not specified
CNA	Linux	Linux	affected cdae7c07e3e3509eaabc18c1640a55dc5b99c179 2e0ddac549ebd713eb9f4a15b6496e3440a17d8b git	Not specified
CNA	Linux	Linux	affected cdae7c07e3e3509eaabc18c1640a55dc5b99c179 3b6e68cb97f725385010264a873e14a3921b6b8a git	Not specified
CNA	Linux	Linux	affected cdae7c07e3e3509eaabc18c1640a55dc5b99c179 cff8eb65d1eafe7793e54b4d0cf6bf831644630b git	Not specified
CNA	Linux	Linux	affected 4.15	Not specified
CNA	Linux	Linux	unaffected 4.15 semver	Not specified
CNA	Linux	Linux	unaffected 5.10.259 5.10.* semver	Not specified
CNA	Linux	Linux	unaffected 5.15.210 5.15.* semver	Not specified
CNA	Linux	Linux	unaffected 6.1.176 6.1.* semver	Not specified
CNA	Linux	Linux	unaffected 6.6.143 6.6.* semver	Not specified
CNA	Linux	Linux	unaffected 6.12.94 6.12.* semver	Not specified
CNA	Linux	Linux	unaffected 6.18.36 6.18.* semver	Not specified
CNA	Linux	Linux	unaffected 7.0.13 7.0.* semver	Not specified
CNA	Linux	Linux	unaffected 7.1 * original_commit_for_fix	Not specified

References

Reference	Source	Link	Tags
git.kernel.org/stable/c/581c2053ab4dbe27e83c9e62deb4c73aa8dc0c3a	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/5f56bc6bddffe8710ba0ba8844023b5a44ca90e4	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/99d9dbad1463afb510d42c9714f846361d1b726d	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/2e0ddac549ebd713eb9f4a15b6496e3440a17d8b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/cff8eb65d1eafe7793e54b4d0cf6bf831644630b	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/35d6c9252a152e756768a26dbf216b9dd9dd8e92	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/ca11e7da4fba4b394f69e16448f4463c44c84de6	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
git.kernel.org/stable/c/3b6e68cb97f725385010264a873e14a3921b6b8a	416baaa9-dc9f-4396-8d5f-8c081fb06d67	git.kernel.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.