Impact
tb_property_entry_valid() mistakenly accepts property entries of length zero for DIRECTORY, DATA, and TEXT types. The validator then writes a null terminator at the index property->value.text[property->length * 4 - 1], which evaluates to an offset of –1 when the length is zero. This results in an out‑of‑bounds write before the start of the allocated buffer, corrupting kernel memory. The official description explicitly states memory corruption; it does not claim further exploitation such as code execution or privilege escalation, though such downstream impacts could theoretically arise from the corruption.
Affected Systems
The flaw resides in the Linux kernel’s Thunderbolt driver. All active Linux kernel installations that load the thunderbolt kernel module are potentially affected, regardless of vendor or distribution, because the vendor/product identification is simply Linux:Linux and no specific version ranges are enumerated. Administrators should review if their deployments use the Thunderbolt driver and whether a patch release is available.
Risk and Exploitability
The CVSS score of 7.0 indicates a high severity of kernel memory corruption, but the EPSS score of less than 1% and the fact that the vulnerability is not listed in CISA’s KEV catalog suggest a low probability of active exploitation. The attack is likely to be local or result from devices connected via Thunderbolt, which usually requires physical or compromised firmware access. While the flaw can corrupt kernel memory, the CVE description does not provide evidence that an attacker could achieve higher privileges or execute arbitrary code. The potential impact remains limited to corruption unless additional vulnerabilities are chained.
OpenCVE Enrichment
Debian DLA