Impact
The vulnerable code resides in the accel/ivpu module of the Linux kernel. A signed integer truncation occurs when a firmware‑supplied data_size value is cast to a signed int before being passed to min_t(). Large unsigned values become negative, and the subsequent min() operation wraps around, producing an oversized memcpy that overflows a stack buffer. This flaw allows an attacker with control over the data_size parameter to corrupt kernel memory and potentially execute code at ring‑0.
Affected Systems
Any Linux distribution running a kernel that contains the accel/ivpu IPC interface before commit 2821bf2b79e47f87e1dbdd9d25c78240965a97d6 is affected. No specific kernel version numbers are listed, so all kernels including the vulnerable accel/ivpu implementation are considered at risk.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity. The EPSS value is less than 1%, and the vulnerability is not listed in the CISA KEV catalog, suggesting no publicly known exploits yet. Based on the description, it is inferred that the attack vector requires local influence over the IVPU IPC interface, typically through firmware or trusted processes. If an attacker can supply a crafted data_size value, stack corruption could lead to privilege escalation or arbitrary code execution.
OpenCVE Enrichment