What is CVE-2026-53146?

CVE-2026-53146 is a unscored severity Linux kernel vulnerability. CVE-2026-53146 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-53146?

CVE-2026-53146 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-53146?

No patch is currently available for CVE-2026-53146. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2026-53146 actively exploited?

CVE-2026-53146 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-53146

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy to actual frame size tb_xdomain_copy() copies req->response_size bytes from the received packet buffer regardless of the actual frame size. When a short response arrives, this reads past the valid frame data in the DMA pool buffer into stale contents from previous transactions. Use the minimum of frame size and expected response size for the copy length.

Package Linux Kernel

Published 2026-06-25

Last modified 2026-06-25

Patch available

Awaiting data