CVE-2026-53205
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
In the Linux kernel, the accel/ivpu driver now validates firmware log buffer read/write indices against buffer size. Missing bounds checks could allow out-of-bounds memory access when firmware supplies invalid indices.
Risk Assessment
An attacker could exploit this vulnerability to gain unauthorized kernel memory access, potentially leading to privilege escalation or sensitive data leakage.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit referenced in CVE-2026-53205). Monitor official security advisories from your distribution.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds checks for firmware log indices Add validation that read and write indices in the firmware log buffer are within valid bounds (< data_size) before using them. If out-of-bounds indices are encountered (from firmware), clamp them to safe values instead of proceeding with invalid offsets. This prevents potential out-of-bounds buffer access when firmware supplies invalid log indices.

