CVE Catalog

CVE-2026-53202

HighCVSS 7.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

In the Linux kernel, the accel/ivpu driver has a vulnerability in IPC receive due to signed integer truncation. Large unsigned values (>= 0x80000000) from firmware are cast to signed int, causing negative values and stack buffer overflow during memcpy.

Risk Assessment

An attacker with firmware communication privileges can trigger a stack buffer overflow, potentially causing system crashes or kernel privilege escalation.

Recommendation

Immediately update the Linux kernel to a version containing the fix (replacing min_t(int, ...) with min() in the accel/ivpu driver).

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied data_size is cast to signed int before being used in min_t(). Large unsigned values (>= 0x80000000) become negative, causing unsigned wraparound and oversized memcpy operations that can overflow the stack buffer. Change min_t(int, ...) to min() as both values are unsigned and can be handled by min() without explicit cast.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS