Vulnerability-Lookup

CVE-2026-53147 (GCVE-0-2026-53147)

Vulnerability from cvelistv5 – Published: 2026-06-25 08:38 – Updated: 2026-06-28 06:39

Title

thunderbolt: Validate XDomain request packet size before type cast

Summary

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tb_xdp_handle_request() casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer can send a minimal XDomain packet that passes the generic header length check but is shorter than the struct accessed after the cast, causing out-of- bounds reads from the kmemdup allocation. Plumb the packet length through xdomain_request_work and validate it against the expected struct size before each cast.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Assigner

Linux

References

6 references

URL	Tags
https://git.kernel.org/stable/c/a770e62923090d757…
https://git.kernel.org/stable/c/0dd61ba03d0518772…
https://git.kernel.org/stable/c/79235c8add5da4bf2…
https://git.kernel.org/stable/c/46da5c3ea011e8840…
https://git.kernel.org/stable/c/07cd2787cdf8942d2…
https://git.kernel.org/stable/c/a504b9f2797b739e0…

Impacted products

2 products

Vendor	Product	Version
Linux	Linux	Affected: cdae7c07e3e3509eaabc18c1640a55dc5b99c179 , < a770e62923090d7572f1f5a8507ae551d354a057 (git) Affected: cdae7c07e3e3509eaabc18c1640a55dc5b99c179 , < 0dd61ba03d05187726ecdf9c0e2175a81b9b24f6 (git) Affected: cdae7c07e3e3509eaabc18c1640a55dc5b99c179 , < 79235c8add5da4bf27a12f5a5dbb579f300c059e (git) Affected: cdae7c07e3e3509eaabc18c1640a55dc5b99c179 , < 46da5c3ea011e884028a91cf913db093920a915b (git) Affected: cdae7c07e3e3509eaabc18c1640a55dc5b99c179 , < 07cd2787cdf8942d24a1a3ef81aa89b526fb6381 (git) Affected: cdae7c07e3e3509eaabc18c1640a55dc5b99c179 , < a504b9f2797b739e0304d537e8aa4ce883ecce39 (git)
Linux	Linux	Affected: 4.15 Unaffected: 0 , < 4.15 (semver) Unaffected: 6.1.176 , ≤ 6.1.* (semver) Unaffected: 6.6.143 , ≤ 6.6.* (semver) Unaffected: 6.12.94 , ≤ 6.12.* (semver) Unaffected: 6.18.36 , ≤ 6.18.* (semver) Unaffected: 7.0.13 , ≤ 7.0.* (semver) Unaffected: 7.1 , ≤ * (original_commit_for_fix)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/thunderbolt/xdomain.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "a770e62923090d7572f1f5a8507ae551d354a057",
              "status": "affected",
              "version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179",
              "versionType": "git"
            },
            {
              "lessThan": "0dd61ba03d05187726ecdf9c0e2175a81b9b24f6",
              "status": "affected",
              "version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179",
              "versionType": "git"
            },
            {
              "lessThan": "79235c8add5da4bf27a12f5a5dbb579f300c059e",
              "status": "affected",
              "version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179",
              "versionType": "git"
            },
            {
              "lessThan": "46da5c3ea011e884028a91cf913db093920a915b",
              "status": "affected",
              "version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179",
              "versionType": "git"
            },
            {
              "lessThan": "07cd2787cdf8942d24a1a3ef81aa89b526fb6381",
              "status": "affected",
              "version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179",
              "versionType": "git"
            },
            {
              "lessThan": "a504b9f2797b739e0304d537e8aa4ce883ecce39",
              "status": "affected",
              "version": "cdae7c07e3e3509eaabc18c1640a55dc5b99c179",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/thunderbolt/xdomain.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "4.15"
            },
            {
              "lessThan": "4.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.176",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.143",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.36",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.*",
              "status": "unaffected",
              "version": "7.0.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.176",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.143",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.94",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.36",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.13",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1",
                  "versionStartIncluding": "4.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Validate XDomain request packet size before type cast\n\ntb_xdp_handle_request() casts the received packet buffer to\nprotocol-specific structs without verifying that the allocation\nis large enough for the target type.  A peer can send a minimal\nXDomain packet that passes the generic header length check but is\nshorter than the struct accessed after the cast, causing out-of-\nbounds reads from the kmemdup allocation.\n\nPlumb the packet length through xdomain_request_work and validate\nit against the expected struct size before each cast."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-28T06:39:32.188Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/a770e62923090d7572f1f5a8507ae551d354a057"
        },
        {
          "url": "https://git.kernel.org/stable/c/0dd61ba03d05187726ecdf9c0e2175a81b9b24f6"
        },
        {
          "url": "https://git.kernel.org/stable/c/79235c8add5da4bf27a12f5a5dbb579f300c059e"
        },
        {
          "url": "https://git.kernel.org/stable/c/46da5c3ea011e884028a91cf913db093920a915b"
        },
        {
          "url": "https://git.kernel.org/stable/c/07cd2787cdf8942d24a1a3ef81aa89b526fb6381"
        },
        {
          "url": "https://git.kernel.org/stable/c/a504b9f2797b739e0304d537e8aa4ce883ecce39"
        }
      ],
      "title": "thunderbolt: Validate XDomain request packet size before type cast",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-53147",
    "datePublished": "2026-06-25T08:38:33.547Z",
    "dateReserved": "2026-06-09T07:44:35.387Z",
    "dateUpdated": "2026-06-28T06:39:32.188Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-53147",
      "date": "2026-06-29",
      "epss": "0.00283",
      "percentile": "0.20022"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-53147\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-06-25T09:16:32.037\",\"lastModified\":\"2026-06-28T08:16:35.013\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nthunderbolt: Validate XDomain request packet size before type cast\\n\\ntb_xdp_handle_request() casts the received packet buffer to\\nprotocol-specific structs without verifying that the allocation\\nis large enough for the target type.  A peer can send a minimal\\nXDomain packet that passes the generic header length check but is\\nshorter than the struct accessed after the cast, causing out-of-\\nbounds reads from the kmemdup allocation.\\n\\nPlumb the packet length through xdomain_request_work and validate\\nit against the expected struct size before each cast.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"drivers/thunderbolt/xdomain.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"cdae7c07e3e3509eaabc18c1640a55dc5b99c179\",\"lessThan\":\"a770e62923090d7572f1f5a8507ae551d354a057\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"cdae7c07e3e3509eaabc18c1640a55dc5b99c179\",\"lessThan\":\"0dd61ba03d05187726ecdf9c0e2175a81b9b24f6\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"cdae7c07e3e3509eaabc18c1640a55dc5b99c179\",\"lessThan\":\"79235c8add5da4bf27a12f5a5dbb579f300c059e\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"cdae7c07e3e3509eaabc18c1640a55dc5b99c179\",\"lessThan\":\"46da5c3ea011e884028a91cf913db093920a915b\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"cdae7c07e3e3509eaabc18c1640a55dc5b99c179\",\"lessThan\":\"07cd2787cdf8942d24a1a3ef81aa89b526fb6381\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"cdae7c07e3e3509eaabc18c1640a55dc5b99c179\",\"lessThan\":\"a504b9f2797b739e0304d537e8aa4ce883ecce39\",\"versionType\":\"git\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"drivers/thunderbolt/xdomain.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"4.15\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"4.15\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.176\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.6.143\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.12.94\",\"lessThanOrEqual\":\"6.12.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.18.36\",\"lessThanOrEqual\":\"6.18.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.0.13\",\"lessThanOrEqual\":\"7.0.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.1\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/07cd2787cdf8942d24a1a3ef81aa89b526fb6381\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/0dd61ba03d05187726ecdf9c0e2175a81b9b24f6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/46da5c3ea011e884028a91cf913db093920a915b\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/79235c8add5da4bf27a12f5a5dbb579f300c059e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a504b9f2797b739e0304d537e8aa4ce883ecce39\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/a770e62923090d7572f1f5a8507ae551d354a057\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}

CERTFR-2026-AVI-0812

Vulnerability from certfr_avis - Published: 2026-06-29 - Updated: 2026-06-29

De multiples vulnérabilités ont été découvertes dans Microsoft Azure Linux. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Microsoft	Azure Linux	azl3 libssh2 1.11.1-2 versions antérieures à 1.11.1-3
Microsoft	Azure Linux	azl3 libssh2 1.11.1-3 versions antérieures à 1.11.1-3
Microsoft	Azure Linux	azl3 nodejs 24.14.1-3 versions antérieures à 24.17.0-1
Microsoft	Azure Linux	azl3 kernel 6.6.141.1-1 versions antérieures à 6.6.143.1-1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft CVE-2026-53215	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53209	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52912	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-9697	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53080	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53247	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53218	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53221	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53255	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52926	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52916	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52924	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53239	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53254	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-9675	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52930	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52941	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53236	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53176	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52942	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53268	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53266	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53160	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53148	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53270	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53217	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52934	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53253	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52943	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53227	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53182	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53230	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53186	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53184	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53161	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52923	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53237	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53213	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52947	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53245	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52922	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53159	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53150	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53275	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53133	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53264	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53267	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53265	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53196	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53219	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53149	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53242	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53146	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53252	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53194	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52919	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52931	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52921	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53181	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53154	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52913	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53135	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53183	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53249	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53228	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53147	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53143	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53158	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52915	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53238	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53263	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53207	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53225	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53214	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-55200	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53177	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53199	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-52927	2026-06-27	vendor-advisory
Bulletin de sécurité Microsoft CVE-2026-53274	2026-06-27	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "azl3 libssh2 1.11.1-2 versions ant\u00e9rieures \u00e0 1.11.1-3",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 libssh2 1.11.1-3 versions ant\u00e9rieures \u00e0 1.11.1-3",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 nodejs 24.14.1-3 versions ant\u00e9rieures \u00e0 24.17.0-1",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "azl3 kernel 6.6.141.1-1 versions ant\u00e9rieures \u00e0 6.6.143.1-1",
      "product": {
        "name": "Azure Linux",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2026-9697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9697"
    },
    {
      "name": "CVE-2026-53230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53230"
    },
    {
      "name": "CVE-2026-52934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52934"
    },
    {
      "name": "CVE-2026-53214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53214"
    },
    {
      "name": "CVE-2026-53274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53274"
    },
    {
      "name": "CVE-2026-52947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52947"
    },
    {
      "name": "CVE-2026-53218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53218"
    },
    {
      "name": "CVE-2026-53143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53143"
    },
    {
      "name": "CVE-2026-53161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53161"
    },
    {
      "name": "CVE-2026-52924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52924"
    },
    {
      "name": "CVE-2026-53227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53227"
    },
    {
      "name": "CVE-2026-53239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53239"
    },
    {
      "name": "CVE-2026-53181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53181"
    },
    {
      "name": "CVE-2026-52943",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52943"
    },
    {
      "name": "CVE-2026-52915",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52915"
    },
    {
      "name": "CVE-2026-53146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53146"
    },
    {
      "name": "CVE-2026-52913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52913"
    },
    {
      "name": "CVE-2026-52941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52941"
    },
    {
      "name": "CVE-2026-53150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53150"
    },
    {
      "name": "CVE-2026-53147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53147"
    },
    {
      "name": "CVE-2026-52942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52942"
    },
    {
      "name": "CVE-2026-53183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53183"
    },
    {
      "name": "CVE-2026-52931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52931"
    },
    {
      "name": "CVE-2026-52919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52919"
    },
    {
      "name": "CVE-2026-53266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53266"
    },
    {
      "name": "CVE-2026-53149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53149"
    },
    {
      "name": "CVE-2026-53176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53176"
    },
    {
      "name": "CVE-2026-53158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53158"
    },
    {
      "name": "CVE-2026-53219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53219"
    },
    {
      "name": "CVE-2026-53249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53249"
    },
    {
      "name": "CVE-2026-53217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53217"
    },
    {
      "name": "CVE-2026-52916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52916"
    },
    {
      "name": "CVE-2026-53236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53236"
    },
    {
      "name": "CVE-2026-53225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53225"
    },
    {
      "name": "CVE-2026-52922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52922"
    },
    {
      "name": "CVE-2026-53209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53209"
    },
    {
      "name": "CVE-2026-53135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53135"
    },
    {
      "name": "CVE-2026-52927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52927"
    },
    {
      "name": "CVE-2026-53237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53237"
    },
    {
      "name": "CVE-2026-53186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53186"
    },
    {
      "name": "CVE-2026-53182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53182"
    },
    {
      "name": "CVE-2026-53177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53177"
    },
    {
      "name": "CVE-2026-53255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53255"
    },
    {
      "name": "CVE-2026-53207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53207"
    },
    {
      "name": "CVE-2026-53160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53160"
    },
    {
      "name": "CVE-2026-53245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53245"
    },
    {
      "name": "CVE-2026-53148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53148"
    },
    {
      "name": "CVE-2026-53133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53133"
    },
    {
      "name": "CVE-2026-53263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53263"
    },
    {
      "name": "CVE-2026-53228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53228"
    },
    {
      "name": "CVE-2026-53194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53194"
    },
    {
      "name": "CVE-2026-53242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53242"
    },
    {
      "name": "CVE-2026-53199",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53199"
    },
    {
      "name": "CVE-2026-53247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53247"
    },
    {
      "name": "CVE-2026-53268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53268"
    },
    {
      "name": "CVE-2026-53159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53159"
    },
    {
      "name": "CVE-2026-9675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-9675"
    },
    {
      "name": "CVE-2026-53080",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53080"
    },
    {
      "name": "CVE-2026-53267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53267"
    },
    {
      "name": "CVE-2026-52912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52912"
    },
    {
      "name": "CVE-2026-53221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53221"
    },
    {
      "name": "CVE-2026-53275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53275"
    },
    {
      "name": "CVE-2026-55200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-55200"
    },
    {
      "name": "CVE-2026-53215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53215"
    },
    {
      "name": "CVE-2026-53253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53253"
    },
    {
      "name": "CVE-2026-53252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53252"
    },
    {
      "name": "CVE-2026-53270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53270"
    },
    {
      "name": "CVE-2026-53264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53264"
    },
    {
      "name": "CVE-2026-53184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53184"
    },
    {
      "name": "CVE-2026-53254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53254"
    },
    {
      "name": "CVE-2026-53238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53238"
    },
    {
      "name": "CVE-2026-52921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52921"
    },
    {
      "name": "CVE-2026-53213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53213"
    },
    {
      "name": "CVE-2026-52930",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52930"
    },
    {
      "name": "CVE-2026-53265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53265"
    },
    {
      "name": "CVE-2026-52923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52923"
    },
    {
      "name": "CVE-2026-53154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53154"
    },
    {
      "name": "CVE-2026-53196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-53196"
    },
    {
      "name": "CVE-2026-52926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-52926"
    }
  ],
  "initial_release_date": "2026-06-29T00:00:00",
  "last_revision_date": "2026-06-29T00:00:00",
  "links": [],
  "reference": "CERTFR-2026-AVI-0812",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2026-06-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Azure Linux. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Azure Linux",
  "vendor_advisories": [
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53215",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53215"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53209",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53209"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52912",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52912"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-9697",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9697"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53080",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53080"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53247",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53247"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53218",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53218"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53221",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53221"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53255",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53255"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52926",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52926"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52916",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52916"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52924",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52924"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53239",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53239"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53254",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53254"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-9675",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9675"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52930",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52930"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52941",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52941"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53236",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53236"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53176",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53176"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52942",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52942"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53268",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53268"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53266",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53266"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53160",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53160"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53148",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53148"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53270",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53270"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53217",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53217"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52934",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52934"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53253",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53253"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52943",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52943"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53227",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53227"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53182",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53182"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53230",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53230"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53186",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53186"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53184",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53184"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53161",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53161"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52923",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52923"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53237",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53237"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53213",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53213"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52947",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52947"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53245",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53245"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52922",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52922"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53159",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53159"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53150",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53150"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53275",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53275"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53133",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53133"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53264",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53264"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53267",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53267"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53265",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53265"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53196",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53196"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53219",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53219"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53149",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53149"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53242",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53242"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53146",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53146"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53252",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53252"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53194",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53194"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52919",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52919"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52931",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52931"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52921",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52921"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53181",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53181"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53154",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53154"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52913",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52913"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53135",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53135"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53183",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53183"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53249",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53249"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53228",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53228"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53147",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53147"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53143",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53143"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53158",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53158"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52915",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52915"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53238",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53238"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53263",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53263"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53207",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53207"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53225",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53225"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53214",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53214"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-55200",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-55200"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53177",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53177"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53199",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53199"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-52927",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-52927"
    },
    {
      "published_at": "2026-06-27",
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2026-53274",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-53274"
    }
  ]
}

GHSA-VRFR-CW9W-GWRX

Vulnerability from github – Published: 2026-06-25 09:31 – Updated: 2026-06-28 09:31

Details

In the Linux kernel, the following vulnerability has been resolved:

thunderbolt: Validate XDomain request packet size before type cast

tb_xdp_handle_request() casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer can send a minimal XDomain packet that passes the generic header length check but is shorter than the struct accessed after the cast, causing out-of- bounds reads from the kmemdup allocation.

Plumb the packet length through xdomain_request_work and validate it against the expected struct size before each cast.

Severity

8.1 (High)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-53147"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-25T09:16:32Z",
    "severity": "HIGH"
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Validate XDomain request packet size before type cast\n\ntb_xdp_handle_request() casts the received packet buffer to\nprotocol-specific structs without verifying that the allocation\nis large enough for the target type.  A peer can send a minimal\nXDomain packet that passes the generic header length check but is\nshorter than the struct accessed after the cast, causing out-of-\nbounds reads from the kmemdup allocation.\n\nPlumb the packet length through xdomain_request_work and validate\nit against the expected struct size before each cast.",
  "id": "GHSA-vrfr-cw9w-gwrx",
  "modified": "2026-06-28T09:31:42Z",
  "published": "2026-06-25T09:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-53147"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/07cd2787cdf8942d24a1a3ef81aa89b526fb6381"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/0dd61ba03d05187726ecdf9c0e2175a81b9b24f6"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/46da5c3ea011e884028a91cf913db093920a915b"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/79235c8add5da4bf27a12f5a5dbb579f300c059e"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a504b9f2797b739e0304d537e8aa4ce883ecce39"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a770e62923090d7572f1f5a8507ae551d354a057"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

MSRC_CVE-2026-53147

Vulnerability from csaf_microsoft - Published: 2026-06-02 00:00 - Updated: 2026-06-28 01:59

Summary

thunderbolt: Validate XDomain request packet size before type cast

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2026-53147

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 21443-17084		—

Known affected 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 17084-1		—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2026-53147 thunderbolt: Validate XDomain request packet size before type cast - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-53147.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "thunderbolt: Validate XDomain request packet size before type cast",
    "tracking": {
      "current_release_date": "2026-06-28T01:59:32.000Z",
      "generator": {
        "date": "2026-06-28T07:10:57.238Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2026-53147",
      "initial_release_date": "2026-06-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-06-27T01:07:32.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-06-28T01:59:32.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 kernel 0:6.6.141.1-1.azl3",
                "product": {
                  "name": "\u003cazl3 kernel 0:6.6.141.1-1.azl3",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 kernel 0:6.6.141.1-1.azl3",
                "product": {
                  "name": "azl3 kernel 0:6.6.141.1-1.azl3",
                  "product_id": "21443"
                }
              }
            ],
            "category": "product_name",
            "name": "kernel"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 kernel 0:6.6.141.1-1.azl3 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 kernel 0:6.6.141.1-1.azl3 as a component of Azure Linux 3.0",
          "product_id": "21443-17084"
        },
        "product_reference": "21443",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-53147",
      "notes": [
        {
          "category": "general",
          "text": "Linux",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "21443-17084"
        ],
        "known_affected": [
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-53147 thunderbolt: Validate XDomain request packet size before type cast - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-53147.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-27T01:07:32.000Z",
          "details": "0:6.6.143.1-1.azl3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "title": "thunderbolt: Validate XDomain request packet size before type cast"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2026-53147 (GCVE-0-2026-53147)

CERTFR-2026-AVI-0812

Solutions

GHSA-VRFR-CW9W-GWRX

MSRC_CVE-2026-53147

Tags

Sightings

Nomenclature