CVE-2026-53206

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds check for firmware runtime memory Validate that the firmware runtime memory specified in the image header is properly aligned and sized to hold the firmware image. This prevents errors during memory...

CVE-2026-53171

A flaw was found in the Linux kernel's accel/ethosu driver. The dmalength function, responsible for calculating Direct Memory Access DMA region usage, contains several arithmetic issues. These issues, including potential underflows and overflows during calculations, can lead to an under-reporting...

CVE-2026-53173

A flaw was found in the Linux kernel's accel/ethosu component. A local user can exploit this vulnerability by providing a specially crafted command stream, which causes an out-of-bounds write in memory. This memory corruption can lead to system instability, causing a denial of service or...

CVE-2026-53169

A flaw was found in the Linux kernel's accel/ethosu driver. An unprivileged local user with access to the Direct Rendering Manager DRM device could submit a specific command NPUOPRESIZE that the driver does not properly handle. This could lead to excessive kernel log spam and, if the paniconwarn...

CVE-2026-53203

A flaw was found in the Linux kernel's accel/ivpu component. This vulnerability, a buffer overflow, occurs when the firmware returns a size larger than the allocated buffer during a metric stream information query. This can lead to an incorrect buffer copy, potentially causing system instability ...

CVE-2026-53170

A flaw was found in the Linux kernel's accel/ethosu driver. A local attacker could exploit a vulnerability where DMA commands with uninitialized length are not properly handled. By omitting a specific DMA length setup command and issuing a DMA start command, a user could bypass bounds checks,...

UBUNTU-CVE-2026-53206

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds check for firmware runtime memory Validate that the firmware runtime memory specified in the image header is properly aligned and sized to hold the firmware image. This prevents errors during memory...

UBUNTU-CVE-2026-53202

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied datasize is cast to signed int before being used in mint. Large unsigned values = 0x80000000 become negative, causing...

CVE-2026-53206

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add bounds check for firmware runtime memory Validate that the firmware runtime memory specified in the image header is properly aligned and sized to hold the firmware image. This prevents errors during memory...

CVE-2026-53205

The CVE-2026-53205 issue is in the Linux kernel Intel Versatile Processing Unit (IVPU) accelerator driver (accel/ivpu). It stems from insufficient validation of read/write indices in the firmware log buffer, allowing potential out-of-bounds access if firmware supplies invalid indices. Affected sy...

EUVD-2026-39294

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...

CVE-2026-53202

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied datasize is cast to signed int before being used in mint. Large unsigned values = 0x80000000 become negative, causing...

CVE-2026-53203

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Add buffer overflow check in MS getinfoioctl Add validation that the info size returned from the metric stream info query is not exceeded when checked against the allocated buffer size. If the firmware returns a size...

CVE-2026-53202 accel/ivpu: Fix signed integer truncation in IPC receive

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied datasize is cast to signed int before being used in mint. Large unsigned values = 0x80000000 become negative, causing...

CVE-2026-53172

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix IFM region index out-of-bounds in command stream parser NPUSETIFMREGION extracts the region index with param & 0x7f, giving a maximum value of 127. However regionsize and outputregion in struct...

SUSE-SU-2026:2487-1 Security update for rmt-server

This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: accel/qaic: Improved the bounds checking in decodemessage by copying the bounds checking from encodemessage to decodemessage. This patch addresses the following issues: - Ensure that there is enough space for at least one...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: A leak was fixed in mapuserpages. If getuserpagesfast allocates some pages, but not as many as we wanted, then the current code causes those pages to be leaked. Call putpage on the pages before returning...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fixed a runtime suspension deadlock that occurred when there was a pending job. The runtime suspension callback drains the running job’s workqueue before suspending the device. If a job is still executing and calls...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: accel/qaic: The integer overflow checks in mapuserpages have been cleaned up. The encodedma function includes some validations for intrans-size. However, it would be clearer to move these checks to findandmapuserpages. encoded...