{"id":"CVE-2026-53205","summary":"accel/ivpu: Add bounds checks for firmware log indices","details":"In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Add bounds checks for firmware log indices\n\nAdd validation that read and write indices in the firmware log buffer\nare within valid bounds (\u003c data_size) before using them. If\nout-of-bounds indices are encountered (from firmware), clamp them to\nsafe values instead of proceeding with invalid offsets.\n\nThis prevents potential out-of-bounds buffer access when firmware\nsupplies invalid log indices.","modified":"2026-07-08T08:12:41.375864800Z","published":"2026-06-25T08:39:12.268Z","related":["CGA-hx5p-pcww-j3f3"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53205.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/535da9ad8420c3b686a642403d4147ff220255fd"},{"type":"WEB","url":"https://git.kernel.org/stable/c/5961c703414048f46818be8bbb11075a9a63fb4e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8ec70c0dbdf04392a26e03e38798a373934177be"},{"type":"WEB","url":"https://git.kernel.org/stable/c/dd1311bcf0e62f0c515115f46a3813370f4a4bb1"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53205.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53205"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0923a7d55a85179744926b7c11768a81679cc4d4"},{"fixed":"5961c703414048f46818be8bbb11075a9a63fb4e"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"1fc1251149a76d3b75d7f4c94d9c4e081b7df6b4"},{"fixed":"8ec70c0dbdf04392a26e03e38798a373934177be"},{"fixed":"535da9ad8420c3b686a642403d4147ff220255fd"},{"fixed":"dd1311bcf0e62f0c515115f46a3813370f4a4bb1"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"6.12.30"},{"fixed":"6.12.94"}]}],"versions":["v6.12.93","v6.12.92","v6.12.91","v6.12.90","v6.12.89","v6.12.88","v6.12.87","v6.12.86","v6.12.85","v6.12.84","v6.12.83","v6.12.82","v6.12.81","v6.12.80","v6.12.79","v6.12.78","v6.12.77","v6.12.76","v6.12.75","v6.12.74","v6.12.73","v6.12.72","v6.12.71","v6.12.70","v6.12.69","v6.12.68","v6.12.67","v6.12.66","v6.12.65","v6.12.64","v6.12.63","v6.12.62","v6.12.61","v6.12.60","v6.12.59","v6.12.58","v6.12.57","v6.12.56","v6.12.55","v6.12.54","v6.12.53","v6.12.52","v6.12.51","v6.12.50","v6.12.49","v6.12.48","v6.12.47","v6.12.46","v6.12.45","v6.12.44","v6.12.43","v6.12.42","v6.12.41","v6.12.40","v6.12.39","v6.12.38","v6.12.37","v6.12.36","v6.12.35","v6.12.34","v6.12.33","v6.12.32","v6.12.31","v6.12.30"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53205.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.12.94"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.18.36"},{"fixed":"7.0.13"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53205.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}]}