CVE-2026-53202

Summary

In the Linux kernel, the following vulnerability has been resolved:

accel/ivpu: Fix signed integer truncation in IPC receive

Fix potential buffer overflow where firmware-supplied data_size is cast to signed int before being used in min_t(). Large unsigned values (>= 0x80000000) become negative, causing unsigned wraparound and oversized memcpy operations that can overflow the stack buffer.

Change min_t(int, …) to min() as both values are unsigned and can be handled by min() without explicit cast.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux3b434a3445fff3149128db0169da864d67057325 < 4788556d4dd9d717037e385de178974e9649231daffected
LinuxLinux3b434a3445fff3149128db0169da864d67057325 < 45cb105b8642c65e9be286f7058e92314efe7ea3affected
LinuxLinux3b434a3445fff3149128db0169da864d67057325 < 2821bf2b79e47f87e1dbdd9d25c78240965a97d6affected
LinuxLinux3b434a3445fff3149128db0169da864d67057325 < d9faef564438d1e4579c692c046603e7ada7bdf4affected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.12.94 <= 6.12.*unaffected
LinuxLinux6.18.36 <= 6.18.*unaffected
LinuxLinux7.0.13 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

ADP Enrichment

kernel: accel/ivpu: Fix signed integer truncation in IPC receive

Additional References

References