Description
In the Linux kernel, the following vulnerability has been resolved:

accel/ivpu: Add bounds checks for firmware log indices

Add validation that read and write indices in the firmware log buffer
are within valid bounds (< data_size) before using them. If
out-of-bounds indices are encountered (from firmware), clamp them to
safe values instead of proceeding with invalid offsets.

This prevents potential out-of-bounds buffer access when firmware
supplies invalid log indices.
Published: 2026-06-25
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when firmware supplies log indices that exceed the bounds of a kernel‑mode buffer. Because the kernel does not verify the validity of the read and write indices before accessing the buffer, an attacker could induce out‑of‑bounds memory reads or writes, which may lead to data disclosure, corruption or even execution of arbitrary code in kernel context. The weakness is a classic bounds‑checking failure, corresponding to CWE‑119.
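The check described above, as an added C example; it is not the kernel's ivpu code. The struct, the function names and the clamp policy (an out-of-range index is reset to 0) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical header shared with firmware; names are assumptions. */
struct fw_log_hdr {
    uint32_t read_idx;   /* firmware-controlled */
    uint32_t write_idx;  /* firmware-controlled */
    uint32_t data_size;  /* size in bytes of the log data area */
};

/* Assumed clamp policy: an index outside [0, data_size) is reset to 0. */
static uint32_t clamp_idx(uint32_t idx, uint32_t data_size)
{
    return idx < data_size ? idx : 0;
}

static size_t min_sz(size_t a, size_t b) { return a < b ? a : b; }

/*
 * Copy the unread bytes between read_idx and write_idx into out.
 * data_cap is the size the host actually allocated for the data area.
 * Each firmware field is read once, so the checked value is the used value.
 * Returns the number of bytes copied.
 */
size_t fw_log_drain(const volatile struct fw_log_hdr *hdr, const uint8_t *data,
                    size_t data_cap, uint8_t *out, size_t out_cap)
{
    uint32_t size = hdr->data_size;
    if (size == 0 || size > data_cap)
        return 0;                       /* header disagrees with allocation */

    uint32_t rd = clamp_idx(hdr->read_idx, size);
    uint32_t wr = clamp_idx(hdr->write_idx, size);

    if (wr >= rd) {                     /* contiguous region [rd, wr) */
        size_t n = min_sz(wr - rd, out_cap);
        memcpy(out, data + rd, n);
        return n;
    }
    /* wrapped: tail [rd, size) followed by head [0, wr) */
    size_t tail = min_sz(size - rd, out_cap);
    memcpy(out, data + rd, tail);
    size_t head = min_sz(wr, out_cap - tail);
    memcpy(out + tail, data, head);
    return tail + head;
}
```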

Affected Systems

Both Linux kernel variants listed (Linux:Linux) are impacted. Any kernel that incorporates the ivpu firmware component prior to the patch has this flaw; versions that include the commit adding bounds checks are considered fixed.

Risk and Exploitability

Exploitation requires control over firmware components or the ability to supply malicious log indices, which is typically only feasible with privileged or firmware update access. The absence of remote exploitation vectors and the lack of a known public exploit reduce the likelihood of immediate attacks. The CVSS score is not provided, EPSS is unavailable, and the issue is not in the CISA KEV catalog, indicating a moderate but not high risk to unpatched systems. Upon patching, the risk is effectively eliminated.

Generated by OpenCVE AI on June 25, 2026 at 11:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that contains the commit adding bounds checks (535da9ad8420c3b686a642403d4147ff220255fd).
  • Confirm that all firmware components interacting with the ivpu subsystem are signed and verified before execution to prevent injection of malicious log indices.
  • Restrict firmware update capabilities to trusted administrators and enforce access controls to the firmware interface.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 12:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-119

Thu, 25 Jun 2026 09:15:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds checks for firmware log indices Add validation that read and write indices in the firmware log buffer are within valid bounds (< data_size) before using them. If out-of-bounds indices are encountered (from firmware), clamp them to safe values instead of proceeding with invalid offsets. This prevents potential out-of-bounds buffer access when firmware supplies invalid log indices.
Title | | accel/ivpu: Add bounds checks for firmware log indices
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:39:12.268Z

Reserved: 2026-06-09T07:44:35.391Z

Link: CVE-2026-53205

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T12:00:14Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer