Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix arithmetic issues in dma_length() dma_length() derives DMA region usage from command stream values and updates region_size[]: len = ((len + stride[0]) * size0 + stride[1]) * size1 region_size[region] = max(..., len + dma->offset) Several arithmetic issues can corrupt the derived region size: - signed stride values may underflow when added to len - intermediate multiplications may overflow - len + dma->offset may overflow during region_size updates - dma_length() error returns were not validated by the caller region_size[] is later used by ethosu_job.c to validate command stream accesses against GEM buffer sizes. Arithmetic wraparound can therefore under-report region usage and bypass the bounds validation. Fix by validating signed additions, using overflow helpers for multiplications and offset updates, and propagating dma_length() failures to the caller.
References
- https://git.kernel.org/stable/c/6bb73845d1855ceaf50e397175e5979a7bdf69bc
- https://git.kernel.org/stable/c/ee6d9b6e51626f259c6f0e38d94f91be4fd14754
FAQ
What is CVE-2026-53171?
CVE-2026-53171 is a documented vulnerability. In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix arithmetic issues in dma_length() dma_length() derives DMA region usage from command stream values and updates r...
How severe is CVE-2026-53171?
CVSS scoring is not yet available for CVE-2026-53171. Check NVD for updates.
Is there a patch for CVE-2026-53171?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.