Description

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied data_size is cast to signed int before being used in min_t(). Large unsigned values (>= 0x80000000) become negative, causing unsigned wraparound and oversized memcpy operations that can overflow the stack buffer. Change min_t(int, ...) to min() as both values are unsigned and can be handled by min() without explicit cast.

Affected products

VendorProductVersions
LinuxLinux3b434a3445fff3149128db0169da864d67057325 to <4788556d4dd9d717037e385de178974e9649231d; 3b434a3445fff3149128db0169da864d67057325 to <45cb105b8642c65e9be286f7058e92314efe7ea3; 3b434a3445fff3149128db0169da864d67057325 to <2821bf2b79e47f87e1dbdd9d25c78240965a97d6; 3b434a3445fff3149128db0169da864d67057325 to <d9faef564438d1e4579c692c046603e7ada7bdf4
LinuxLinux6.8; 0 to <6.8; 6.12.94 to <=6.12.*; 6.18.36 to <=6.18.*; 7.0.13 to <=7.0.*; 7.1 to <=*

References

Authoritative sources

This page is a snapshot. For the latest enrichment and updates, view the record on CVE.org or the NVD.

Generated from the official CVE List on 25 Jun 2026 10:14 UTC.