Skip to main content

Linux Kernel CVE-2026-53205

| EUVDEUVD-2026-39296 HIGH
Out-of-bounds Write (CWE-787)
2026-06-25 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-gm9p-3w2c-c6qg
7.1
CVSS 3.1 · Vendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Share

Severity by source

Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67) PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
vuln.today AI
6.3 MEDIUM

Local access (AV:L) with low privileges (PR:L); AC:H because the attacker must influence firmware-supplied indices; out-of-bounds read gives C:H and crash A:H, no integrity impact.

3.1 AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
4.0 AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67).

CVSS VectorVendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 28, 2026 - 09:33 vuln.today
CVSS changed
Jun 28, 2026 - 08:22 NVD
7.1 (HIGH)
Patch available
Jun 25, 2026 - 10:32 EUVD
CVE Published
Jun 25, 2026 - 09:16 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 25, 2026 - 09:16 cve.org
HIGH 7.1

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

accel/ivpu: Add bounds checks for firmware log indices

Add validation that read and write indices in the firmware log buffer are within valid bounds (< data_size) before using them. If out-of-bounds indices are encountered (from firmware), clamp them to safe values instead of proceeding with invalid offsets.

This prevents potential out-of-bounds buffer access when firmware supplies invalid log indices.

AnalysisAI

Out-of-bounds memory access in the Linux kernel's accel/ivpu driver (Intel NPU/VPU accelerator) occurs because firmware-supplied read and write indices for the firmware log buffer were used without bounds validation, allowing invalid offsets to drive out-of-bounds buffer reads. Affecting Intel Core Ultra-class systems running affected 6.12.x through 6.18.x and 7.x kernels, a local low-privileged actor able to influence the device's firmware log indices can disclose kernel memory or crash the host. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain local low-privileged access on Intel NPU host
Delivery
Influence firmware-supplied log buffer indices
Exploit
Driver computes out-of-bounds offset (no bounds check)
Execution
Read kernel memory outside log region
Impact
Leak sensitive data or crash kernel

Vulnerability AssessmentAI

Exploitation Exploitation requires local access to a system that has the accel/ivpu (Intel VPU/NPU) driver loaded - i.e. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mostly aligned toward a moderate, not urgent, priority. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A local low-privileged user on an Intel Core Ultra laptop or workstation interacts with the ivpu accelerator device while the firmware log buffer presents out-of-bounds read/write indices, causing the unpatched driver to read kernel memory outside the log region, leaking sensitive kernel data or panicking the system. Because the malicious values come from the NPU firmware path, a more potent variant chains a firmware-level compromise to reliably supply attacker-chosen indices. …
Remediation Vendor-released patch: update to a fixed stable kernel - 6.12.94 or later in the 6.12 series, 6.18.36 or later, or 7.0.13 or later (the fix is also present in 7.1), corresponding to upstream commits 535da9ad8420, 5961c7034140, 8ec70c0dbdf0, and dd1311bcf0e6 available at git.kernel.org/stable. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

24 hours: Identify all systems running Intel Core Ultra with Linux kernel versions 6.12.x through 7.x; document system count and exposure. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53205 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy