Description
In the Linux kernel, the following vulnerability has been resolved:

accel/ivpu: Fix signed integer truncation in IPC receive

Fix potential buffer overflow where firmware-supplied data_size is cast
to signed int before being used in min_t(). Large unsigned values
(>= 0x80000000) become negative, causing unsigned wraparound and
oversized memcpy operations that can overflow the stack buffer.

Change min_t(int, ...) to min() as both values are unsigned and can be
handled by min() without explicit cast.
Published: 2026-06-25
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerable code resides in the accel/ivpu module of the Linux kernel. A signed integer truncation occurs when a firmware‑supplied data_size value is cast to a signed int before being passed to min_t(). Large unsigned values become negative, and the subsequent min() operation wraps around, producing an oversized memcpy that overflows a stack buffer. This flaw allows an attacker with control over the data_size parameter to corrupt kernel memory and potentially execute code at ring‑0.

Affected Systems

Any Linux distribution running a kernel that contains the accel/ivpu IPC interface before commit 2821bf2b79e47f87e1dbdd9d25c78240965a97d6 is affected. No specific kernel version numbers are listed, so all kernels including the vulnerable accel/ivpu implementation are considered at risk.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. The EPSS value is less than 1%, and the vulnerability is not listed in the CISA KEV catalog, suggesting no publicly known exploits yet. Based on the description, it is inferred that the attack vector requires local influence over the IVPU IPC interface, typically through firmware or trusted processes. If an attacker can supply a crafted data_size value, stack corruption could lead to privilege escalation or arbitrary code execution.

Generated by OpenCVE AI on June 28, 2026 at 14:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy a kernel update that incorporates commit 2821bf2b79e47f87e1dbdd9d25c78240965a97d6 or later.
  • If an immediate update is not feasible, disable or restrict access to the IVPU IPC interface to prevent untrusted firmware from invoking the vulnerable routine.
  • Ensure that firmware interacting with the kernel is signed and verified, and monitor for anomalous IPC requests that may indicate exploitation attempts.

Generated by OpenCVE AI on June 28, 2026 at 14:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 00:45:00 +0000


Sun, 28 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-20

Sun, 28 Jun 2026 12:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-680

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Thu, 25 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-680

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied data_size is cast to signed int before being used in min_t(). Large unsigned values (>= 0x80000000) become negative, causing unsigned wraparound and oversized memcpy operations that can overflow the stack buffer. Change min_t(int, ...) to min() as both values are unsigned and can be handled by min() without explicit cast.
Title accel/ivpu: Fix signed integer truncation in IPC receive
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-07-15T00:44:32.389Z

Reserved: 2026-06-09T07:44:35.391Z

Link: CVE-2026-53202

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53202 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T14:15:08Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-20

    Improper Input Validation