What is CVE-2026-53147?

CVE-2026-53147 is a unscored severity Linux kernel vulnerability. CVE-2026-53147 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-53147?

CVE-2026-53147 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-53147?

No patch is currently available for CVE-2026-53147. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2026-53147 actively exploited?

CVE-2026-53147 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-53147

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tb_xdp_handle_request() casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer can send a minimal XDomain packet that passes the generic header length check but is shorter than the struct accessed after the cast, causing out-of- bounds reads from the kmemdup allocation. Plumb the packet length through xdomain_request_work and validate it against the expected struct size before each cast.

Package Linux Kernel

Published 2026-06-25

Last modified 2026-06-25

Patch available

Awaiting data