Main Vulnerability Database SB20251226344

SB20251226344 - Input validation error in Linux kernel accel ivpu driver

Published: December 26, 2025

Security Bulletin ID SB20251226344

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2025-68730)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the ivpu_bo_unbind_all_bos_from_context(), ivpu_gem_create_object(), ivpu_gem_prime_import() and ivpu_bo_alloc() functions in drivers/accel/ivpu/ivpu_gem.c. A local user can perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/8172838a284c27190fa6782c2740a97020434750
https://git.kernel.org/stable/c/8b694b405a84696f1d964f6da7cf9721e68c4714
https://git.kernel.org/stable/c/c9ef5ccd8bd9bcf598b6d3f77e7eb4dde7149aec