Description
In the Linux kernel, the following vulnerability has been resolved:

accel/ivpu: Add buffer overflow check in MS get_info_ioctl

Add validation that the info size returned from the metric stream info
query is not exceeded when checked against the allocated buffer size.
If the firmware returns a size larger than the buffer, reject the
operation with -EOVERFLOW instead of proceeding with an incorrect
buffer copy.
Published: 2026-06-25
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The accel/ivpu driver in the Linux kernel contains a buffer overflow vulnerability in its get_info_ioctl handler. If the firmware reports an info size larger than the allocated buffer, the driver copies the data without verifying the bounds, leading to a kernel memory corruption that can be exploited to gain elevated privileges or crash the system. The flaw is a classic buffer overflow.

Affected Systems

All Linux kernel releases that shipped the accel/ivpu driver before the commit adding the overflow check are affected. Any distribution that has not yet incorporated this patch remains vulnerable until the kernel is updated to the latest commit where the overflow validation was introduced.

Risk and Exploitability

The vulnerability requires a local attacker who can invoke the ioctl on the accel/ivpu device, which is inferred from the nature of the vulnerability and the driver’s operation. No network‑based trigger is known. The CVSS score of 7.1, the EPSS score of less than 1%, and the absence from the CISA KEV catalog indicate a moderate exploitation probability, but the kernel buffer overflow still poses a significant risk. The patch prevents the unchecked copy and will mitigate the risk if applied.

Generated by OpenCVE AI on June 28, 2026 at 15:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a Linux kernel that includes the commit adding the buffer overflow check in accel/ivpu.
  • If an immediate kernel upgrade is not possible, restrict access to the accel/ivpu device so that only privileged processes can use the ioctl; consider applying udev rules or changing device ownership.
  • Validate or replace any external firmware used with the accel/ivpu driver to ensure it does not return an info size that exceeds the allocated buffer, thereby preventing the overflow condition.

Generated by OpenCVE AI on June 28, 2026 at 15:10 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 13:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}


Fri, 26 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Important


Thu, 25 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS get_info_ioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size larger than the buffer, reject the operation with -EOVERFLOW instead of proceeding with an incorrect buffer copy.
Title accel/ivpu: Add buffer overflow check in MS get_info_ioctl
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-07-15T00:44:29.981Z

Reserved: 2026-06-09T07:44:35.391Z

Link: CVE-2026-53203

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53203 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T15:15:05Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')