CVE-2026-53146

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy to actual frame size tb_xdomain_copy() copies req->response_size bytes from the received packet buffer regardless of the actual frame size. When a short response arrives, this reads past the valid frame data in the DMA pool buffer into stale contents from previous transactions. Use the minimum of frame size and expected response size for the copy length.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*

History

06 Jul 2026, 14:13

Type Values Removed Values Added
References () https://git.kernel.org/stable/c/033dfa63bf6be2653441a1dccae4a8313a91bb9d - () https://git.kernel.org/stable/c/033dfa63bf6be2653441a1dccae4a8313a91bb9d - Patch
References () https://git.kernel.org/stable/c/4db2bd2ed4785dbadaeeab9f4e346b21ac5fb8eb - () https://git.kernel.org/stable/c/4db2bd2ed4785dbadaeeab9f4e346b21ac5fb8eb - Patch
References () https://git.kernel.org/stable/c/7720654b4842bcdfeb64bc002f6186041849e1e7 - () https://git.kernel.org/stable/c/7720654b4842bcdfeb64bc002f6186041849e1e7 - Patch
References () https://git.kernel.org/stable/c/a15b6d3136accb2bf84b04d9a3ddd991f7fbf1cb - () https://git.kernel.org/stable/c/a15b6d3136accb2bf84b04d9a3ddd991f7fbf1cb - Patch
References () https://git.kernel.org/stable/c/b2c1e5d9f1598cc1a4736d5c6bd1218f90805ee4 - () https://git.kernel.org/stable/c/b2c1e5d9f1598cc1a4736d5c6bd1218f90805ee4 - Patch
References () https://git.kernel.org/stable/c/b5daa920f44cb582272fc9bfaeb67408776cbaef - () https://git.kernel.org/stable/c/b5daa920f44cb582272fc9bfaeb67408776cbaef - Patch
References () https://git.kernel.org/stable/c/c55da494dfb445fb28df3a9d293c2be6a299cd01 - () https://git.kernel.org/stable/c/c55da494dfb445fb28df3a9d293c2be6a299cd01 - Patch
References () https://git.kernel.org/stable/c/fc261397295b8ad0654cec747b0ec25ea0011995 - () https://git.kernel.org/stable/c/fc261397295b8ad0654cec747b0ec25ea0011995 - Patch
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*
CWE NVD-CWE-noinfo
First Time Linux linux Kernel
Linux

28 Jun 2026, 08:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.1

25 Jun 2026, 09:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-25 09:16

Updated : 2026-07-06 14:13


NVD link : CVE-2026-53146

Mitre link : CVE-2026-53146

CVE.ORG link : CVE-2026-53146


JSON object : View

Products Affected

linux

  • linux_kernel