CVE-2026-53202
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk5th percentile — higher than 5% of all known CVEs
Summary
In the Linux kernel, the accel/ivpu driver has a vulnerability in IPC receive due to signed integer truncation. Large unsigned values (>= 0x80000000) from firmware are cast to signed int, causing negative values and stack buffer overflow during memcpy.
Risk Assessment
An attacker with firmware communication privileges can trigger a stack buffer overflow, potentially causing system crashes or kernel privilege escalation.
Recommendation
Immediately update the Linux kernel to a version containing the fix (replacing min_t(int, ...) with min() in the accel/ivpu driver).
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied data_size is cast to signed int before being used in min_t(). Large unsigned values (>= 0x80000000) become negative, causing unsigned wraparound and oversized memcpy operations that can overflow the stack buffer. Change min_t(int, ...) to min() as both values are unsigned and can be handled by min() without explicit cast.

