Linux Kernel: Signed Integer Truncation in IPC Receive Causing Stack Buffer Overflow
CVE-2026-53202 Published on June 25, 2026
accel/ivpu: Fix signed integer truncation in IPC receive
In the Linux kernel, the following vulnerability has been resolved:
accel/ivpu: Fix signed integer truncation in IPC receive
Fix potential buffer overflow where firmware-supplied data_size is cast
to signed int before being used in min_t(). Large unsigned values
(>= 0x80000000) become negative, causing unsigned wraparound and
oversized memcpy operations that can overflow the stack buffer.
Change min_t(int, ...) to min() as both values are unsigned and can be
handled by min() without explicit cast.
Vulnerability Analysis
CVE-2026-53202 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Products Associated with CVE-2026-53202
stack.watch emails you whenever new vulnerabilities are published in Linux Kernel or Red Hat Enterprise Linux (RHEL). Just hit a watch button to start following.
Affected Versions
Linux:- Version 3b434a3445fff3149128db0169da864d67057325 and below 4788556d4dd9d717037e385de178974e9649231d is affected.
- Version 3b434a3445fff3149128db0169da864d67057325 and below 45cb105b8642c65e9be286f7058e92314efe7ea3 is affected.
- Version 3b434a3445fff3149128db0169da864d67057325 and below 2821bf2b79e47f87e1dbdd9d25c78240965a97d6 is affected.
- Version 3b434a3445fff3149128db0169da864d67057325 and below d9faef564438d1e4579c692c046603e7ada7bdf4 is affected.
- Version 6.8 is affected.
- Before 6.8 is unaffected.
- Version 6.12.94, <= 6.12.* is unaffected.
- Version 6.18.36, <= 6.18.* is unaffected.
- Version 7.0.13, <= 7.0.* is unaffected.
- Version 7.1, <= * is unaffected.