tb_xdp_handle_request() in the Linux kernel casts a received XDomain packet buffer to protocol‑specific structs without verifying that the allocated memory is large enough for the target type. A malicious peer can send a minimal XDomain packet that satisfies the generic header length check but is still shorter than the struct required after the cast, resulting in an out‑of‑bounds read from the kmemdup allocation. This read can expose kernel memory contents, potentially leading to information disclosure or paving the way to more serious exploitation. The weakness corresponds to CWE‑119.

The vulnerability affects the Linux kernel, specifically the Thunderbolt XDomain packet handling code. All current kernel versions that have not applied the patch that validates packet size before casting are impacted. No specific sub‑versions are listed, so any system running an unpatched kernel is at risk.

While no CVSS score or EPSS data is available and the issue is not listed in CISA's KEV catalog, the exploit is plausible for anyone that can control Thunderbolt traffic entering the kernel. Because the flaw occurs at privileged kernel level, the potential impact could include denial of service through a kernel crash or further escalation to kernel execution. The lack of official KEV status does not mitigate the risk; systems that can receive Thunderbolt packets should treat this as a high‑priority issue.