CVE-2026-53202 | In the Linux kernel, the following vulnerability has been re…

Description

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied data_size is cast to signed int before being used in min_t(). Large unsigned values (>= 0x80000000) become negative, causing unsigned wraparound and oversized memcpy operations that can overflow the stack buffer. Change min_t(int, ...) to min() as both values are unsigned and can be handled by min() without explicit cast.

Metadata

CVE ID: CVE-2026-53202
State: PUBLISHED
Assigner: Linux
Reserved: 2026-06-09 07:44 UTC
Published: 2026-06-25 08:39 UTC
Last updated: 2026-06-25 08:39 UTC
Vendor / Product: Linux / Linux
Sources: cve.org · NVD

Severity & Metrics

No CVSS data available.

Affected products (2)

Vendor	Product	Platform	Versions
Linux	Linux	—	3b434a3445fff3149128db0169da864d67057325 < 4788556d4dd9d717037e385de178974e9649231d, 3b434a3445fff3149128db0169da864d67057325 < 45cb105b8642c65e9be286f7058e92314efe7ea3, 3b434a3445fff3149128db0169da864d67057325 < 2821bf2b79e47f87e1dbdd9d25c78240965a97d6, 3b434a3445fff3149128db0169da864d67057325 < d9faef564438d1e4579c692c046603e7ada7bdf4
Linux	Linux	—	6.8, 0 < 6.8, 6.12.94 ≤ 6.12., 6.18.36 ≤ 6.18. …

References (4)