NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-53148

Summary	In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Clamp XDomain response data copy to allocation size tb_xdp_properties_request() derives the per-packet copy length from the response header without checking that it fits in the previously allocated data buffer. A malicious peer can set its length field larger than the declared data_length, causing memcpy to write past the kcalloc allocation. Clamp the per-packet copy length so that the cumulative offset never exceeds data_len.
Publication Date	June 25, 2026, 6:16 p.m.
Registration Date	June 27, 2026, 4:25 a.m.
Last Update	June 25, 2026, 6:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://git.kernel.org/stable/c/05a43157676c243c248d1c6d9dcecbe6eba2f35d	416baaa9-dc9f-4396-8d5f-8c081fb06d67
2	https://git.kernel.org/stable/c/0b334279a82d79fb4723bd4f614305de1ab69caa	416baaa9-dc9f-4396-8d5f-8c081fb06d67
3	https://git.kernel.org/stable/c/322e93448d908434ae5545660fcbe8f5a7a8e141	416baaa9-dc9f-4396-8d5f-8c081fb06d67
4	https://git.kernel.org/stable/c/5db10c8ad8c09f72c847dfeef3d876098257f505	416baaa9-dc9f-4396-8d5f-8c081fb06d67
5	https://git.kernel.org/stable/c/6021d39ccd979713b39b980286020d8f9a45efd1	416baaa9-dc9f-4396-8d5f-8c081fb06d67
6	https://git.kernel.org/stable/c/89ae04365e01d5ae4aae83044a8bbd2a9aaf8d0d	416baaa9-dc9f-4396-8d5f-8c081fb06d67
7	https://git.kernel.org/stable/c/906035d5c3784570191d259cbf9a0ac1617852b5	416baaa9-dc9f-4396-8d5f-8c081fb06d67
8	https://git.kernel.org/stable/c/fcbd0cdab92838854a5818be7ed8a097164ef6d5	416baaa9-dc9f-4396-8d5f-8c081fb06d67

Common Vulnerabilities List