CVE Catalog

CVE-2026-53203

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

5th percentile — higher than 5% of all known CVEs

Summary

In the Linux kernel, a buffer overflow check was added in the accel/ivpu driver's get_info_ioctl function. Missing validation of the size returned by firmware could lead to copying data beyond the allocated buffer.

Risk Assessment

The organization faces potential data integrity violation or system crash due to improper buffer copying. An attacker with local access could exploit this vulnerability for privilege escalation or driver destabilization.

Recommendation

Immediately update the Linux kernel to a version containing the fix for CVE-2026-53203. Monitor official security advisories from your Linux distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS get_info_ioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size larger than the buffer, reject the operation with -EOVERFLOW instead of proceeding with an incorrect buffer copy.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS