CVE-2026-53171

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix arithmetic issues in dma_length() dma_length() derives DMA region usage from command stream values and updates region_size[]: len = ((len + stride[0]) * size0 + stride[1]) * size1 region_size[region] = max(..., len + dma->offset) Several arithmetic issues can corrupt the derived region size: - signed stride values may underflow when added to len - intermediate multiplications may overflow - len + dma->offset may overflow during region_size updates - dma_length() error returns were not validated by the caller region_size[] is later used by ethosu_job.c to validate command stream accesses against GEM buffer sizes. Arithmetic wraparound can therefore under-report region usage and bypass the bounds validation. Fix by validating signed additions, using overflow helpers for multiplications and offset updates, and propagating dma_length() failures to the caller.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*

History

06 Jul 2026, 18:24

Type Values Removed Values Added
CWE NVD-CWE-noinfo
First Time Linux linux Kernel
Linux
References () https://git.kernel.org/stable/c/6bb73845d1855ceaf50e397175e5979a7bdf69bc - () https://git.kernel.org/stable/c/6bb73845d1855ceaf50e397175e5979a7bdf69bc - Patch
References () https://git.kernel.org/stable/c/ee6d9b6e51626f259c6f0e38d94f91be4fd14754 - () https://git.kernel.org/stable/c/ee6d9b6e51626f259c6f0e38d94f91be4fd14754 - Patch
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*

28 Jun 2026, 08:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

25 Jun 2026, 09:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-25 09:16

Updated : 2026-07-06 18:24


NVD link : CVE-2026-53171

Mitre link : CVE-2026-53171

CVE.ORG link : CVE-2026-53171


JSON object : View

Products Affected

linux

  • linux_kernel