Description
In the Linux kernel, the following vulnerability has been resolved:

thunderbolt: Bound root directory content to block size

__tb_property_parse_dir() does not check that content_offset +
content_len fits within block_len for the root directory case.
When rootdir->length equals or exceeds block_len - 2, the entry
loop reads past the allocated property block.

Add a bounds check after computing content_offset and content_len
to reject directories whose content extends past the block.
Published: 2026-06-25
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is in the Thunderbolt driver's property directory parser: __tb_property_parse_dir() does not verify that content_offset + content_len stays within block_len for the root directory. As a result, the driver can read beyond the allocated property block, potentially leaking kernel memory content to user space. The weakness is an out-of-bounds read caused by a missing bounds check.
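A simplified user-space model of the missing check, added here as an illustration; it is not the kernel's code or the actual patch. It assumes root directory content starts two dwords into the block (consistent with the "block_len - 2" in the description) and that each entry spans four dwords. The names walk_root and struct walk are hypothetical, and the model only computes which dword indices the entry loop would touch without reading them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions of this model (not taken from the page): */
#define ROOT_CONTENT_OFFSET 2 /* dwords of root header before the entries */
#define ENTRY_DWORDS 4        /* dwords per directory entry */

/* Hypothetical result type: what the entry loop would do for one block. */
struct walk {
    int rejected;             /* 1 if the bounds check refused the directory */
    size_t entries;           /* entries the loop would visit */
    size_t dwords_past_block; /* dword reads landing at index >= block_len */
};

/* block_len and root_len are in dwords; bounded selects the checked variant. */
static struct walk walk_root(size_t block_len, uint32_t root_len, int bounded)
{
    struct walk w = {0, 0, 0};
    size_t content_offset = ROOT_CONTENT_OFFSET;
    size_t content_len = root_len;

    /* The check the description asks for, written so it cannot wrap. */
    if (bounded && (content_offset > block_len ||
                    content_len > block_len - content_offset)) {
        w.rejected = 1;
        return w;
    }
    w.entries = content_len / ENTRY_DWORDS;
    for (size_t i = 0; i < w.entries; i++) {
        size_t first = content_offset + i * ENTRY_DWORDS;
        size_t end = first + ENTRY_DWORDS; /* one past the entry's last dword */
        if (end > block_len)
            w.dwords_past_block += end - (first > block_len ? first : block_len);
    }
    return w;
}

int main(void)
{
    /* Constructed case: 10-dword block whose root directory claims 12 dwords. */
    struct walk u = walk_root(10, 12, 0), b = walk_root(10, 12, 1);
    printf("unchecked: %zu entries, %zu dwords past block\n",
           u.entries, u.dwords_past_block);
    printf("checked: rejected=%d\n", b.rejected);
    return 0;
}
```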

Affected Systems

All unpatched Linux kernel builds that include the thunderbolt subsystem are impacted. The affected code is part of the generic kernel tree, so any distribution shipping a kernel prior to the referenced patch commits is vulnerable, regardless of vendor.

Risk and Exploitability

Based on the description, it is inferred that the attack vector requires local execution to trigger the Thunderbolt property parser and cause the out-of-bounds read. There is no known public exploit, the EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. An attacker with local privileges could read kernel memory, but remote code execution is not possible. The risk is therefore moderate for systems hosting untrusted users, and prompt remediation is recommended to prevent accidental or malicious information disclosure.

Generated by OpenCVE AI on June 25, 2026 at 12:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that contains the commit changes referenced in the advisory to add the necessary bounds check for thunderbolt directories.
  • Disable Thunderbolt hardware support in the system BIOS or set the kernel boot parameter thunderbolt.disable=1 to eliminate the vulnerable code path for all users.
  • Prevent the thunderbolt module from loading by adding a blacklist entry in /etc/modprobe.d/blacklist.conf or using a kernel module blacklist.

Generated by OpenCVE AI on June 25, 2026 at 12:11 UTC.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 12:30:00 +0000

Values added (none removed):
  • Weaknesses: CWE-125

Thu, 25 Jun 2026 09:15:00 +0000

Values added (none removed):
  • Description: same text as the Description section above
  • Title: thunderbolt: Bound root directory content to block size
  • First Time appeared: Linux; Linux linux Kernel
  • CPEs: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • Vendors & Products: Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:38:34.869Z

Reserved: 2026-06-09T07:44:35.387Z

Link: CVE-2026-53149

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T15:00:05Z

Weaknesses