8 matches found
CVE-2026-53170
A flaw was found in the Linux kernel's accel/ethosu driver. A local attacker could exploit a vulnerability where DMA commands with uninitialized length are not properly handled. By omitting a specific DMA length setup command and issuing a DMA start command, a user could bypass bounds checks,...
CVE-2026-53169
In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject NPUOPRESIZE commands from userspace NPUOPRESIZE is a U85-only command that the driver does not yet implement. The existing WARNON1 placeholder fires unconditionally whenever userspace submits this command via...
UBUNTU-CVE-2026-53170
In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject DMA commands with uninitialized length cmdstateinit initializes the command state with memset0xff, leaving dma-len at U64MAX to signal missing setup. The only setter is NPUSETDMA0LEN; if userspace omits this...
UBUNTU-CVE-2026-53169
In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject NPUOPRESIZE commands from userspace NPUOPRESIZE is a U85-only command that the driver does not yet implement. The existing WARNON1 placeholder fires unconditionally whenever userspace submits this command via...
CVE-2026-53171 accel/ethosu: fix arithmetic issues in dma_length()
In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix arithmetic issues in dmalength dmalength derives DMA region usage from command stream values and updates regionsize: len = len + stride0 size0 + stride1 size1 regionsizeregion = max..., len + dma-offset Several...
CVE-2026-53171
The CVE affects the Linux kernel’s accel/ethosu driver. The dma_length() function can under- or overflow while deriving DMA region usage, causing region_size[] to be under-reported and potentially bypassing bounds checks in ethosu_job.c. The issue arises from arithmetic in len calculations, signe...
EUVD-2026-39260
In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject NPUOPRESIZE commands from userspace NPUOPRESIZE is a U85-only command that the driver does not yet implement. The existing WARNON1 placeholder fires unconditionally whenever userspace submits this command via...
CVE-2026-53169
In the Linux kernel, accel/ethosu has been fixed to reject NPU_OP_RESIZE commands from userspace. The driver previously used an unconditional WARN_ON(1) in DRM_IOCTL_ETHOSU_GEM_CREATE, enabling kernel log spam and, if panic_on_warn was set, potential DoS via a local unprivileged user. The patch r...