Out-of-bounds read in Linux kernel - CVE-2026-53146
Published: June 26, 2026
Vulnerability identifier: #VU135650
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-53146
CWE-ID: CWE-125
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in tb_xdomain_copy() in the thunderbolt xdomain component when processing a short response frame. A local user can send a specially crafted short response to disclose sensitive information.
How to mitigate CVE-2026-53146
Install security update from vendor's repository.
Sources
- https://git.kernel.org/stable/c/033dfa63bf6be2653441a1dccae4a8313a91bb9d
- https://git.kernel.org/stable/c/4db2bd2ed4785dbadaeeab9f4e346b21ac5fb8eb
- https://git.kernel.org/stable/c/7720654b4842bcdfeb64bc002f6186041849e1e7
- https://git.kernel.org/stable/c/a15b6d3136accb2bf84b04d9a3ddd991f7fbf1cb
- https://git.kernel.org/stable/c/b2c1e5d9f1598cc1a4736d5c6bd1218f90805ee4
- https://git.kernel.org/stable/c/b5daa920f44cb582272fc9bfaeb67408776cbaef
- https://git.kernel.org/stable/c/c55da494dfb445fb28df3a9d293c2be6a299cd01
- https://git.kernel.org/stable/c/fc261397295b8ad0654cec747b0ec25ea0011995