782 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-53146
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - thunderbolt: Limit XDomain response copy to actual frame size tbxdomaincopy copies req-responsesize bytes from the received packet buffer regardless of the actu...
Linux Distros Unpatched Vulnerability : CVE-2026-53150
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - thunderbolt: Reject zero-length property entries in validator tbpropertyentryvalid accepts entries with length == 0 for DIRECTORY, DATA, and TEXT types. A...
Linux Distros Unpatched Vulnerability : CVE-2026-53149
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - thunderbolt: Bound root directory content to block size tbpropertyparsedir does not check that contentoffset + contentlen fits within blocklen for the root...
Linux Distros Unpatched Vulnerability : CVE-2026-53147
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without...
Linux Distros Unpatched Vulnerability : CVE-2026-53164
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iommu/dma: Do not try to iommumap a 0 length region in swiotlb iommudmaiovalinkswiotlb processes a mapping that is unaligned in three parts, the head, middle an...
Linux Distros Unpatched Vulnerability : CVE-2026-53148
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - thunderbolt: Clamp XDomain response data copy to allocation size tbxdppropertiesrequest derives the per-packet copy length from the response header without...
thunderbolt: Clamp XDomain response data copy to allocation size
...
thunderbolt: Reject zero-length property entries in validator
...
thunderbolt: Bound root directory content to block size
...
thunderbolt: Limit XDomain response copy to actual frame size
...
CVE-2026-53149
A flaw was found in the Linux kernel's Thunderbolt driver. The tbpropertyparsedir function, responsible for parsing root directory content, does not properly validate the size of the content against the allocated block size. This oversight allows the system to read beyond the intended memory...
CVE-2026-53147
A flaw was found in the Linux kernel's Thunderbolt component. A remote attacker could exploit this vulnerability by sending a malformed XDomain packet. This could lead to an out-of-bounds read, potentially resulting in information disclosure or system instability...
CVE-2026-53164
A flaw was found in the Linux kernel's input/output memory management unit IOMMU Direct Memory Access DMA subsystem, specifically within the software IOMMU bounce buffer SWIOTLB mechanism. This vulnerability occurs when the system attempts to map a zero-length memory region, which can be triggere...
SUSE CVE-2026-53146
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy to actual frame size tbxdomaincopy copies req-responsesize bytes from the received packet buffer regardless of the actual frame size. When a short response arrives, this reads past the val...
SUSE CVE-2026-53147
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...
SUSE CVE-2026-53148
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Clamp XDomain response data copy to allocation size tbxdppropertiesrequest derives the per-packet copy length from the response header without checking that it fits in the previously allocated data buffer. A maliciou...
SUSE CVE-2026-53149
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size tbpropertyparsedir does not check that contentoffset + contentlen fits within blocklen for the root directory case. When rootdir-length equals or exceeds blocklen - 2, the...
CVE-2026-53150
A flaw was found in the Linux kernel's Thunderbolt subsystem. The tbpropertyentryvalid function, which validates Thunderbolt property entries, accepts zero-length TEXT entries. This can cause an underflow in the null-termination logic, resulting in an out-of-bounds write to memory. This memory...
CVE-2026-53148
A flaw was found in the Linux kernel's Thunderbolt driver. A malicious peer can exploit this vulnerability by sending a specially crafted response that causes the system to write data beyond an allocated memory buffer. This out-of-bounds write can lead to memory corruption, which may allow an...
CVE-2026-53164
In the Linux kernel, the following vulnerability has been resolved: iommu/dma: Do not try to iommumap a 0 length region in swiotlb iommudmaiovalinkswiotlb processes a mapping that is unaligned in three parts, the head, middle and trailer. If the middle is empty because there are no aligned pages ...