🔴 高危 | CVE-2026-53171 — In the Linux kernel, the following vulnerability has be
🔴 《高危安全漏洞:CVE-2026-53171》
CVSS 评分: 高危(8.8) CVE ID: CVE-2026-53171
漏洞描述
In the Linux kernel, the following vulnerability has been resolved:
accel/ethosu: fix arithmetic issues in dma_length()
dma_length() derives DMA region usage from command stream values and
updates region_size[]:
len = ((len + stride[0]) * size0 + stride[1]) * size1
region_size[region] = max(..., len + dma->offset)
Several arithmetic issues can corrupt the derived region size:
- signed stride values may underflow when added to len
- intermediate multiplications may overflow
- len + dma->offset may overflow during region_size updates
- dma_length() error returns were not validated by the caller
region_size[] is later used by ethosu_job.c to validate command stream
accesses against GEM buffer sizes. Arithmetic wraparound can therefore
under-report region usage and bypass the bounds validation.
Fix by validating signed additions, using overflow helpers for
multiplications and offset updates, and propagating dma_length()
failures to the caller.
| 字段 | 值 |
|---|---|
| CVE ID | CVE-2026-53171 |
| CVSS 评分 | 8.8 |
| 严重程度 | 高危 |
| 发布时间 | 2026-06-25 |
| 状态 | Received |
数据来源: NVD | 获取时间: 2026-06-28 18:14
💬 评论