CVE-2026-53202
Received - Intake
BaseFortify

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

accel/ivpu: Fix signed integer truncation in IPC receive

Fix potential buffer overflow where firmware-supplied data_size is cast to signed int before being used in min_t(). Large unsigned values (>= 0x80000000) become negative, causing unsigned wraparound and oversized memcpy operations that can overflow the stack buffer.

Change min_t(int, ...) to min() as both values are unsigned and can be handled by min() without explicit cast.

Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
linux | linux_kernel | *

CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability exists in the Linux kernel's accel/ivpu component where a signed integer truncation occurs during IPC receive operations.

Specifically, the firmware-supplied data_size is cast to a signed int inside min_t(int, ...). Values greater than or equal to 0x80000000 become negative after that cast, so min_t() selects them as the minimum instead of the intended bound. When the negative result is then used as an unsigned length, it wraps around to a very large value.

This wraparound leads to oversized memcpy operations that can overflow the stack buffer, potentially causing memory corruption.

The fix involved changing min_t(int, ...) to min() since both values are unsigned and can be safely handled without casting.
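
The clamp described above, as an added userspace example (not the ivpu driver's code). The simplified min_t() macro, the function names, the buf_size parameter and the 64-byte bound are assumptions made for illustration; only data_size and the min_t(int, ...) pattern come from the description.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for the kernel's min_t(): both operands are cast
 * to `type` before they are compared. */
#define min_t(type, a, b) ((type)(a) < (type)(b) ? (type)(a) : (type)(b))

/* Pre-fix pattern: the clamp goes through signed int, and the result is
 * then used as an unsigned copy length. */
static size_t clamp_len_signed(uint32_t data_size, size_t buf_size)
{
    return (size_t)min_t(int, data_size, buf_size);
}

/* Post-fix pattern: both values stay unsigned, nothing is narrowed. */
static size_t clamp_len_unsigned(uint32_t data_size, size_t buf_size)
{
    size_t n = data_size;
    return n < buf_size ? n : buf_size;
}

int main(void)
{
    /* Constructed sample sizes; 64 is a hypothetical stack buffer size. */
    const uint32_t samples[] = { 16u, 64u, 0x7fffffffu, 0x80000000u, 0xffffffffu };
    const size_t buf_size = 64;

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        size_t bad = clamp_len_signed(samples[i], buf_size);
        size_t good = clamp_len_unsigned(samples[i], buf_size);
        printf("data_size=0x%08x  min_t(int)=%zu%s  min()=%zu\n",
               (unsigned)samples[i], bad,
               bad > buf_size ? " (exceeds buffer)" : "", good);
    }
    return 0;
}
```

Only the lengths are computed here; no copy is performed. Every sample at or above 0x80000000 escapes the signed clamp, while the unsigned clamp never returns more than buf_size.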

Impact Analysis

This vulnerability can lead to a buffer overflow in the Linux kernel, which may cause memory corruption.

Such memory corruption could potentially be exploited to execute arbitrary code, cause system crashes, or escalate privileges depending on the attacker's capabilities and system configuration.
