Stack-based buffer overflow in Linux kernel - CVE-2026-53202
Published: June 26, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to execute arbitrary code.
The vulnerability exists due to a stack-based buffer overflow in the ivpu_ipc_receive function when processing firmware-supplied IPC message data. A local user can supply a crafted data_size value to trigger an oversized memcpy operation and execute arbitrary code.
Exploitation requires control over firmware-supplied message data.
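The bug class described above, as an added example that is not the ivpu driver's code: a simplified model of a receive routine that copies a payload whose length field (data_size) is written by firmware into a fixed-size buffer, first without and then with validation. The struct layout, function names, buffer sizes and error codes are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SRC_MAX 256 /* assumed size of the region the firmware fills */
#define DST_MAX 64  /* assumed size of the receiver's stack buffer */

/* Hypothetical message layout: the length field is firmware-supplied, so untrusted. */
struct fw_msg {
    uint32_t data_size;
    uint8_t  data[SRC_MAX];
};

/* Unchecked form, for contrast only: the copy length comes straight from the message. */
void recv_unchecked(const struct fw_msg *msg, void *dst)
{
    memcpy(dst, msg->data, msg->data_size);
}

/* Checked form: read the length once, bound it by source and destination, then copy. */
int recv_checked(const struct fw_msg *msg, void *dst, size_t dst_len, size_t *out_len)
{
    uint32_t n = msg->data_size; /* single read, so the checked value is the copied value */

    if (n > sizeof(msg->data))   /* would read past the source region */
        return -EINVAL;
    if (n > dst_len)             /* would write past the destination buffer */
        return -EMSGSIZE;
    memcpy(dst, msg->data, n);
    *out_len = n;
    return 0;
}

int main(void)
{
    struct fw_msg m = { .data_size = 4096 }; /* constructed oversized length */
    uint8_t buf[DST_MAX];
    size_t got = 0;
    int rc = recv_checked(&m, buf, sizeof(buf), &got);

    printf("oversized message rejected: rc=%d\n", rc);
    return rc == -EINVAL ? 0 : 1;
}
```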