In the Linux kernel, the following vulnerability has been resolved:
accel/ethosu: fix arithmetic issues in dma_length()
dma_length() derives DMA region usage from command stream values and
updates region_size[]:
len = ((len + stride[0]) * size0 + stride[1]) * size1
region_size[region] = max(..., len + dma->offset)
Several arithmetic issues can corrupt the derived region size:
- signed stride values may underflow when added to len
- intermediate multiplications may overflow
- len + dma->offset may overflow during region_size updates
- dma_length() error returns were not validated by the caller
region_size[] is later used by ethosu_job.c to validate command stream
accesses against GEM buffer sizes. Arithmetic wraparound can therefore
under-report region usage and bypass the bounds validation.
Fix by validating signed additions, using overflow helpers for
multiplications and offset updates, and propagating dma_length()
failures to the caller.
References
Configurations
Configuration 1 (hide)
|
History
06 Jul 2026, 18:24
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | NVD-CWE-noinfo | |
| First Time |
Linux linux Kernel
Linux |
|
| References | () https://git.kernel.org/stable/c/6bb73845d1855ceaf50e397175e5979a7bdf69bc - Patch | |
| References | () https://git.kernel.org/stable/c/ee6d9b6e51626f259c6f0e38d94f91be4fd14754 - Patch | |
| CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:* |
28 Jun 2026, 08:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
25 Jun 2026, 09:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-25 09:16
Updated : 2026-07-06 18:24
NVD link : CVE-2026-53171
Mitre link : CVE-2026-53171
CVE.ORG link : CVE-2026-53171
JSON object : View
Products Affected
linux
- linux_kernel
CWE
