In the Linux kernel, the following vulnerability has been...
Moderate severity
Unreviewed
Published
Jun 25, 2026
to the GitHub Advisory Database
•
Updated Jul 6, 2026
Description
Published by the National Vulnerability Database
Jun 25, 2026
Published to the GitHub Advisory Database
Jun 25, 2026
Last updated
Jul 6, 2026
In the Linux kernel, the following vulnerability has been resolved:
thunderbolt: Reject zero-length property entries in validator
tb_property_entry_valid() accepts entries with length == 0 for
DIRECTORY, DATA, and TEXT types. A zero-length TEXT entry passes
validation but causes an underflow in the null-termination logic:
property->value.text[property->length * 4 - 1] = '\0';
When property->length is 0 this writes to offset -1 relative to
the allocation.
Reject zero-length entries early in the validator since they have no
valid representation in the XDomain property protocol.
References