PT-2026-52267 · Linux · Linux
Publicado
2026-06-25
·
Atualizado
2026-06-25
·
CVE-2026-53171
Nenhuma
Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.
In the Linux kernel, the following vulnerability has been resolved:
accel/ethosu: fix arithmetic issues in dma length()
dma length() derives DMA region usage from command stream values and
updates region size[]:
len = ((len + stride[0]) * size0 + stride[1]) * size1
region size[region] = max(..., len + dma->offset)
Several arithmetic issues can corrupt the derived region size:
- signed stride values may underflow when added to len
- intermediate multiplications may overflow
- len + dma->offset may overflow during region size updates
- dma length() error returns were not validated by the caller
region size[] is later used by ethosu job.c to validate command stream
accesses against GEM buffer sizes. Arithmetic wraparound can therefore
under-report region usage and bypass the bounds validation.
Fix by validating signed additions, using overflow helpers for
multiplications and offset updates, and propagating dma length()
failures to the caller.
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Linux