CVE-2026-53203 - Vulnerability Details

Description

In the Linux kernel, the following vulnerability has been resolved:

accel/ivpu: Add buffer overflow check in MS get_info_ioctl

Add validation that the info size returned from the metric stream info
query is not exceeded when checked against the allocated buffer size.
If the firmware returns a size larger than the buffer, reject the
operation with -EOVERFLOW instead of proceeding with an incorrect
buffer copy.

Published: 2026-06-25

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The accel/ivpu driver in the Linux kernel contains a buffer overflow vulnerability in its get_info_ioctl handler. If the firmware reports an info size larger than the allocated buffer, the driver copies the data without verifying the bounds, leading to a kernel memory corruption that can be exploited to gain elevated privileges or crash the system. The flaw is a classic buffer overflow (CWE‑119).

Affected Systems

All Linux kernel releases that shipped the accel/ivpu driver before the commit adding the overflow check are affected. Any distribution that has not yet incorporated this patch remains vulnerable until the kernel is updated to the latest commit where the overflow validation was introduced.

Risk and Exploitability

The vulnerability requires a local attacker who can invoke the ioctl on the accel/ivpu device, which is inferred from the nature of the vulnerability and the driver’s operation. No network‑based trigger is known. The absence of an EPSS score or KEV listing means the real‑world exploitation probability is uncertain, but the high severity of a kernel buffer overflow warrants caution. The patch prevents the unchecked copy and will mitigate the risk if applied.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`cdfad4db7756563db7d458216d9e3c2651dddc7d`	affected	< d3c12ed33e8923f3090909a1738f3e59292996a6
`cdfad4db7756563db7d458216d9e3c2651dddc7d`	affected	< fa598556ecef412edcb391f144b7642e18fdfd45
`cdfad4db7756563db7d458216d9e3c2651dddc7d`	affected	< 4e5047cc94bea1cc7b670b7f503358e9af0542df
`cdfad4db7756563db7d458216d9e3c2651dddc7d`	affected	< fb176425837693f50c5c9fc8db6fbb04af22bd0a

Linux

affected

Version	Status	Constraints
`6.11`	affected	—
`0`	unaffected	< 6.11
`6.12.94`	unaffected	≤ 6.12.*
`6.18.36`	unaffected	≤ 6.18.*
`7.0.13`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade to a Linux kernel that includes the commit adding the buffer overflow check in accel/ivpu.
If an immediate kernel upgrade is not possible, restrict access to the accel/ivpu device so that only privileged processes can use the ioctl; consider applying udev rules or changing device ownership.
Validate or replace any external firmware used with the accel/ivpu driver to ensure it does not return an info size that exceeds the allocated buffer, thereby preventing the overflow condition.

Generated by OpenCVE AI on June 25, 2026 at 12:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00193.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/4e5047cc94bea1cc7b670b7f503358e9af0542df
https://git.kernel.org/stable/c/d3c12ed33e8923f3090909a1738f3e59292996a6
https://git.kernel.org/stable/c/fa598556ecef412edcb391f144b7642e18fdfd45
https://git.kernel.org/stable/c/fb176425837693f50c5c9fc8db6fbb04af22bd0a

History

Thu, 25 Jun 2026 12:45:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-119

Thu, 25 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS get_info_ioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size larger than the buffer, reject the operation with -EOVERFLOW instead of proceeding with an incorrect buffer copy.
Title		accel/ivpu: Add buffer overflow check in MS get_info_ioctl
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/4e5047cc94bea1cc7b670b7f503358e9af0542df https://git.kernel.org/stable/c/d3c12ed33e8923f3090909a1738f3e59292996a6 https://git.kernel.org/stable/c/fa598556ecef412edcb391f144b7642e18fdfd45 https://git.kernel.org/stable/c/fb176425837693f50c5c9fc8db6fbb04af22bd0a

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-25T08:39:10.950Z

Updated: 2026-06-25T08:39:10.950Z

Reserved: 2026-06-09T07:44:35.391Z

Link: CVE-2026-53203

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T12:30:06Z

Weaknesses

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object