PT-2026-52267 · Linux · Linux

Published: 2026-06-25 · Updated: 2026-06-25 · CVE-2026-53171

Severity: None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
accel/ethosu: fix arithmetic issues in dma_length()
dma_length() derives DMA region usage from command stream values and updates region_size[]:
    len = ((len + stride[0]) * size0 + stride[1]) * size1
    region_size[region] = max(..., len + dma->offset)
Several arithmetic issues can corrupt the derived region size:
  • signed stride values may underflow when added to len
  • intermediate multiplications may overflow
  • len + dma->offset may overflow during region size updates
  • dma_length() error returns were not validated by the caller
region_size[] is later used by ethosu_job.c to validate command stream accesses against GEM buffer sizes. Arithmetic wraparound can therefore under-report region usage and bypass the bounds validation.
Fix by validating signed additions, using overflow helpers for multiplications and offset updates, and propagating dma_length() failures to the caller.
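
The region-size arithmetic described above, as an added userspace C example; it is not the kernel patch or the driver's code. The struct, the function names and the sample values are hypothetical, and the GCC/Clang overflow builtins stand in for the kernel's overflow helpers.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the command stream values in the formula. */
struct dma_desc {
    uint64_t len, offset, size0, size1;
    int64_t stride[2];                 /* signed, so may be negative */
};
/* Constructed samples, chosen only to exercise the arithmetic. */
static const struct dma_desc sample_ok   = { 64, 4096, 4, 2, { 16, 0 } };
static const struct dma_desc sample_wrap = { 64, 0, 1ULL << 32, 1ULL << 32, { 0, 0 } };
static const struct dma_desc sample_neg  = { 8, 0, 1, 1, { -16, 0 } };

/* The formula as quoted, unchecked: every step wraps modulo 2^64. */
static uint64_t region_end_unchecked(const struct dma_desc *d)
{
    uint64_t len = ((d->len + (uint64_t)d->stride[0]) * d->size0 +
                    (uint64_t)d->stride[1]) * d->size1;
    return len + d->offset;
}

/* len += stride; fails on overflow or when a negative stride exceeds len. */
static int add_stride(uint64_t *len, int64_t stride)
{
    uint64_t mag = 0 - (uint64_t)stride;   /* magnitude when stride < 0 */
    if (stride >= 0)
        return __builtin_add_overflow(*len, (uint64_t)stride, len) ? -1 : 0;
    return __builtin_sub_overflow(*len, mag, len) ? -1 : 0;
}

/* Checked form: 0 and a valid *end on success, -1 if any step would wrap. */
static int region_end_checked(const struct dma_desc *d, uint64_t *end)
{
    uint64_t len = d->len;
    if (add_stride(&len, d->stride[0]) ||
        __builtin_mul_overflow(len, d->size0, &len) ||
        add_stride(&len, d->stride[1]) ||
        __builtin_mul_overflow(len, d->size1, &len) ||
        __builtin_add_overflow(len, d->offset, end))
        return -1;                     /* caller must reject the command stream */
    return 0;
}

int main(void)
{
    uint64_t end = 0;
    int rc = region_end_checked(&sample_wrap, &end);
    printf("unchecked=%llu rc=%d\n", (unsigned long long)region_end_unchecked(&sample_wrap), rc);
    return 0;
}
```

For sample_wrap the unchecked formula reports a region end of 0, the under-reporting the advisory describes, while the checked form returns an error that the caller has to act on.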

Related Identifiers

CVE-2026-53171

Affected Products

Linux