CVE-2026-53149

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size __tb_property_parse_dir() does not check that content_offset + content_len fits within block_len for the root directory case. When rootdir->length equals or exceeds block_len - 2, the entry loop reads past the allocated property block. Add a bounds check after computing content_offset and content_len to reject directories whose content extends past the block.
CVSS

No CVSS.

Configurations

No configuration.

History

25 Jun 2026, 09:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-25 09:16

Updated : 2026-06-30 14:44


NVD link : CVE-2026-53149

Mitre link : CVE-2026-53149

CVE.ORG link : CVE-2026-53149


JSON object : View

Products Affected

No product.

CWE

No CWE.