Description
In the Linux kernel, the following vulnerability has been resolved:

accel/ivpu: Add bounds checks for firmware log indices

Add validation that read and write indices in the firmware log buffer
are within valid bounds (< data_size) before using them. If
out-of-bounds indices are encountered (from firmware), clamp them to
safe values instead of proceeding with invalid offsets.

This prevents potential out-of-bounds buffer access when firmware
supplies invalid log indices.
Published: 2026-06-25
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw lies in the ivpu driver, where it fails to validate the indices received from firmware before accessing the kernel’s log buffer. This weakness is an instance of CWE‑805, Buffer Access with Incorrect Boundary Checks. When firmware supplies indices that exceed the buffer’s allocated size, the kernel would perform an out‑of‑bounds read or write, potentially leading to memory corruption or leakage of data adjacent to the buffer. The vulnerability description does not mention arbitrary code execution or privilege escalation; based on the description, it is inferred that the risk is mainly data integrity or confidentiality.

Affected Systems

All Linux kernel releases that include the ivpu firmware interface and do not contain the bounds‑check commit 535da9ad8420c3b686a642403d4147ff220255fd are affected. Based on the commit reference, it is inferred that kernels prior to that commit are vulnerable, while downstream kernels that incorporate the patch are protected.

Risk and Exploitability

The CVSS score of 7.1 indicates high severity, and the EPSS score of less than 1% signals a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation would normally require the attacker to control the firmware supplied to the ivpu subsystem; based on the description, this capability is typically restricted to privileged users or firmware developers. No public exploit or remote attack vector is documented, so the likelihood of an active attack against unpatched systems remains low.

Generated by OpenCVE AI on June 28, 2026 at 14:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that incorporates commit 535da9ad8420c3b686a642403d4147ff220255fd, which adds bounds checking for firmware log indices and fixes the CWE‑805 weakness.
  • Ensure that any firmware loaded into the ivpu subsystem is signed and verified by the kernel to prevent unauthorized indices from being injected, thereby mitigating the potential for buffer over‑read/write.
  • Restrict firmware update mechanisms to trusted administrators and limit the ability for unauthenticated firmware to be introduced into the system, reducing the risk of the CWE‑805 weakness being exploited.

Generated by OpenCVE AI on June 28, 2026 at 14:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H'}


Fri, 26 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Fri, 26 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-805
References
Metrics threat_severity

None

cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate


Thu, 25 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds checks for firmware log indices Add validation that read and write indices in the firmware log buffer are within valid bounds (< data_size) before using them. If out-of-bounds indices are encountered (from firmware), clamp them to safe values instead of proceeding with invalid offsets. This prevents potential out-of-bounds buffer access when firmware supplies invalid log indices.
Title accel/ivpu: Add bounds checks for firmware log indices
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:40:24.322Z

Reserved: 2026-06-09T07:44:35.391Z

Link: CVE-2026-53205

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53205 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T14:15:08Z

Weaknesses
  • CWE-805

    Buffer Access with Incorrect Length Value