{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53149", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.387Z", "datePublished": "2026-06-25T08:38:34.869Z", "dateUpdated": "2026-06-25T08:38:34.869Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-25T08:38:34.869Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Bound root directory content to block size\n\n__tb_property_parse_dir() does not check that content_offset +\ncontent_len fits within block_len for the root directory case.\nWhen rootdir->length equals or exceeds block_len - 2, the entry\nloop reads past the allocated property block.\n\nAdd a bounds check after computing content_offset and content_len\nto reject directories whose content extends past the block."}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/thunderbolt/property.c"], "versions": [{"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "5c7657d38d07268124782f03519f07c22a5814fb", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "b212bc161d8a9937b42153723a4a3f2f74fab528", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "1912be23daf4afc8d24ce916021ab68ca4c679db", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "4d0b1524caadb04c10a71f3f88692c63dcb39115", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "0a32040a48db8cf35de48b85d6115df5623e4964", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "60ba6217460792356a238299edd675d91d46bab4", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "cbeb68cbaa0a6f979ef428a7f2d0268c082ba166", "status": "affected", "versionType": "git"}, {"version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179", "lessThan": "65423079c7420e3dbf9a7aa345c243a3f5752e5d", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/thunderbolt/property.c"], "versions": [{"version": "4.15", "status": "affected"}, {"version": "0", "lessThan": "4.15", "status": "unaffected", "versionType": "semver"}, {"version": "5.10.259", "lessThanOrEqual": "5.10.*", "status": "unaffected", "versionType": "semver"}, {"version": "5.15.210", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.1.176", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.6.143", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.94", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.36", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.13", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.10.259"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "5.15.210"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.1.176"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.6.143"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.12.94"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "6.18.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "7.0.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.15", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/5c7657d38d07268124782f03519f07c22a5814fb"}, {"url": "https://git.kernel.org/stable/c/b212bc161d8a9937b42153723a4a3f2f74fab528"}, {"url": "https://git.kernel.org/stable/c/1912be23daf4afc8d24ce916021ab68ca4c679db"}, {"url": "https://git.kernel.org/stable/c/4d0b1524caadb04c10a71f3f88692c63dcb39115"}, {"url": "https://git.kernel.org/stable/c/0a32040a48db8cf35de48b85d6115df5623e4964"}, {"url": "https://git.kernel.org/stable/c/60ba6217460792356a238299edd675d91d46bab4"}, {"url": "https://git.kernel.org/stable/c/cbeb68cbaa0a6f979ef428a7f2d0268c082ba166"}, {"url": "https://git.kernel.org/stable/c/65423079c7420e3dbf9a7aa345c243a3f5752e5d"}], "title": "thunderbolt: Bound root directory content to block size", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: thunderbolt: Bound root directory content to block size", "id": "2492764", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492764"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in the Linux kernel's Thunderbolt driver. The `__tb_property_parse_dir()` function, responsible for parsing root directory content, does not properly validate the size of the content against the allocated block size. This oversight allows the system to read beyond the intended memory boundary when processing certain root directory lengths, potentially leading to a buffer over-read vulnerability. This could result in information disclosure or system instability."], "name": "CVE-2026-53149", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-53149\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-53149\nhttps://lore.kernel.org/linux-cve-announce/2026062546-CVE-2026-53149-d1c8@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[cdae7c07e3e3509eaabc18c1640a55dc5b99c179,5c7657d38d07268124782f03519f07c22a5814fb)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[cdae7c07e3e3509eaabc18c1640a55dc5b99c179,b212bc161d8a9937b42153723a4a3f2f74fab528)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[cdae7c07e3e3509eaabc18c1640a55dc5b99c179,1912be23daf4afc8d24ce916021ab68ca4c679db)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[cdae7c07e3e3509eaabc18c1640a55dc5b99c179,4d0b1524caadb04c10a71f3f88692c63dcb39115)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[cdae7c07e3e3509eaabc18c1640a55dc5b99c179,0a32040a48db8cf35de48b85d6115df5623e4964)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[cdae7c07e3e3509eaabc18c1640a55dc5b99c179,60ba6217460792356a238299edd675d91d46bab4)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[cdae7c07e3e3509eaabc18c1640a55dc5b99c179,cbeb68cbaa0a6f979ef428a7f2d0268c082ba166)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[cdae7c07e3e3509eaabc18c1640a55dc5b99c179,65423079c7420e3dbf9a7aa345c243a3f5752e5d)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "4.15"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,4.15)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.10.259,5.11.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[5.15.210,5.16.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.1.176,6.2.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.6.143,6.7.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.94,6.13.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.36,6.19.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.13,7.1.0]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-06-25T12:15:03.849623+00:00", "updated": "2026-06-26T13:30:16.968278+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"], "weaknesses": ["CWE-125"]}