What is CVE-2026-53149?

CVE-2026-53149 is a unscored severity Linux kernel vulnerability. CVE-2026-53149 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2026-53149?

CVE-2026-53149 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2026-53149?

No patch is currently available for CVE-2026-53149. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2026-53149 actively exploited?

CVE-2026-53149 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2026-53149

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Bound root directory content to block size __tb_property_parse_dir() does not check that content_offset + content_len fits within block_len for the root directory case. When rootdir->length equals or exceeds block_len - 2, the entry loop reads past the allocated property block. Add a bounds check after computing content_offset and content_len to reject directories whose content extends past the block.

Package Linux Kernel

Published 2026-06-25

Last modified 2026-06-25

Patch available

Awaiting data