Description
In the Linux kernel, the following vulnerability has been resolved:

accel/ivpu: Add bounds check for firmware runtime memory

Validate that the firmware runtime memory specified in the image
header is properly aligned and sized to hold the firmware image.
This prevents errors during memory allocation and image transfer.
Published: 2026-06-25
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The missing bounds check in the Linux kernel’s accel/ivpu subsystem allows a firmware image header to specify runtime memory that is not properly aligned or sized. This flaw can cause a memory allocation error or an out‑of‑bounds write during image transfer, leading to corruption of kernel memory. Depending on the context, an attacker could exploit this to gain elevated privileges or crash the system.
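A sketch of the kind of validation the description refers to, as an added example that is not the kernel's ivpu code or the upstream patch. The `fw_hdr` layout, its field names, the 4 KiB `FW_ALIGN` value and the `fw_runtime_check` helper are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical header layout for illustration; NOT the real ivpu image header. */
#define FW_ALIGN 0x1000ull /* assumed 4 KiB alignment requirement */

struct fw_hdr {
    uint64_t runtime_addr;  /* start of the runtime memory region */
    uint64_t runtime_size;  /* bytes reserved for that region */
    uint64_t image_addr;    /* where the image is copied to */
    uint64_t image_size;    /* bytes the header says the image occupies */
};

enum fw_err { FW_OK, FW_EALIGN, FW_ERANGE, FW_ESIZE };

/* Check header values before any allocation or copy. payload_len is the
 * number of image bytes actually present in the file. */
enum fw_err fw_runtime_check(const struct fw_hdr *h, uint64_t payload_len)
{
    if (h->runtime_size == 0 || h->runtime_addr % FW_ALIGN || h->runtime_size % FW_ALIGN)
        return FW_EALIGN;
    /* addr + size must not wrap around 2^64 */
    if (h->runtime_size > UINT64_MAX - h->runtime_addr)
        return FW_ERANGE;
    /* header must not claim more image bytes than the file contains */
    if (h->image_size == 0 || h->image_size > payload_len)
        return FW_ESIZE;
    /* image must lie entirely inside the runtime region; compare with
     * offsets so that no sum can overflow */
    if (h->image_addr < h->runtime_addr)
        return FW_ESIZE;
    uint64_t off = h->image_addr - h->runtime_addr;
    if (off > h->runtime_size || h->image_size > h->runtime_size - off)
        return FW_ESIZE;
    return FW_OK;
}

int main(void)
{
    /* Constructed sample headers, not taken from any real firmware. */
    struct fw_hdr good  = { 0x80000000ull, 0x200000ull, 0x80001000ull, 0x1000ull };
    struct fw_hdr small = { 0x80000000ull, 0x1000ull,   0x80000000ull, 0x2000ull };
    printf("good=%d small=%d\n", fw_runtime_check(&good, 0x1000), fw_runtime_check(&small, 0x2000));
    return 0;
}
```

Rejecting the header before any buffer is sized from it is what keeps a malformed image from reaching the allocation and copy paths.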

Affected Systems

All Linux kernel releases prior to the commit that adds the bounds check are affected. The vulnerability is in the accel/ivpu driver and is not tied to a specific distribution version, so any unpatched kernel may be vulnerable.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog, which suggests that public exploitation is not currently widespread. However, the flaw involves a low‑level kernel memory operation that could allow privilege escalation if an attacker can supply a malicious IVPU firmware image. The likely attack vector is a firmware image that is accepted without size validation; the required condition is the ability to load firmware into the system’s firmware subsystem.

Generated by OpenCVE AI on June 25, 2026 at 11:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that contains the commit adding bounds checking for IVPU firmware runtime memory. The patch is available in the upstream repository at https://git.kernel.org/stable/c/1d0b597facdd3c0239c88e8797c1014e1ea0ef15 and https://git.kernel.org/stable/c/f8ab60ae9309e76d9a09c601c10cc222e25b3d5b.
  • Reboot the system so the updated kernel is loaded and any cached firmware images are cleared. This helps ensure the bounds check is active during normal operation.
  • Verify that only trusted firmware sources are used for IVPU components, and disable or sandbox any mechanisms that allow untrusted firmware loading. This reduces the risk of an attacker providing a malicious image that could trigger the vulnerability.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 11:45:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-119, CWE-787

Thu, 25 Jun 2026 09:15:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds check for firmware runtime memory Validate that the firmware runtime memory specified in the image header is properly aligned and sized to hold the firmware image. This prevents errors during memory allocation and image transfer.
Title | | accel/ivpu: Add bounds check for firmware runtime memory
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:39:12.925Z

Reserved: 2026-06-09T07:44:35.391Z

Link: CVE-2026-53206

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T11:30:06Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-787

    Out-of-bounds Write