CVE Catalog

CVE-2026-53205

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

In the Linux kernel, the accel/ivpu driver now validates firmware log buffer read/write indices against buffer size. Missing bounds checks could allow out-of-bounds memory access when firmware supplies invalid indices.

Risk Assessment

An attacker could exploit this vulnerability to gain unauthorized kernel memory access, potentially leading to privilege escalation or sensitive data leakage.

Recommendation

Immediately update the Linux kernel to a version containing the fix (commit referenced in CVE-2026-53205). Monitor official security advisories from your distribution.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds checks for firmware log indices Add validation that read and write indices in the firmware log buffer are within valid bounds (< data_size) before using them. If out-of-bounds indices are encountered (from firmware), clamp them to safe values instead of proceeding with invalid offsets. This prevents potential out-of-bounds buffer access when firmware supplies invalid log indices.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS