Impact
The flaw arises from the Ethos‑U NPU command stream parser incorrectly masking the IFM region index with 0x7f, allowing values up to 127 instead of the intended 0–7 range. The region_size and output_region arrays in the driver are sized for eight elements, so a userspace caller supplying a high IFM index can write up to 1016 bytes beyond the array bounds, corrupting adjacent kernel heap data. This buffer overflow can cause arbitrary memory corruption in the kernel, potentially destabilizing the system or tampering with kernel data structures. The description does not specify whether this could result in privilege escalation or denial‑of‑service, so only the presence of memory corruption is documented.
Affected Systems
Any Linux kernel release that contains the accel/ethosu driver code path before the patch commit is affected. No explicit kernel version list is provided, so all kernels with the vulnerable Ethos‑U command stream parser that have code are potentially at risk.
Risk and Exploitability
The vulnerability is local: an attacker must be able to invoke the NPU ioctl or otherwise provide a maliciousSS score is 7.8. The EPSS score is < 1% and the issue is not listed in the CISA KEV catalog, indicating no publicly known exploits at this time. The bug can cause kernel heap corruption, and the severity is high due to the kernel context. An attacker with local access could construct a malformed command stream to trigger the overflow and corrupt kernel memory; however, exploitation to gain higher privileges or crash the system is not confirmed in the description.
OpenCVE Enrichment