CVE-2026-43498

HIGH

accel/ivpu: Disallow re-exporting imported GEM objects

Title source: cna
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom prime_handle_to_fd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting imported GEM buffers causes loss of buffer flags settings, leading to incorrect device access and data corruption.

Scores

CVSS v3 7.8
EPSS 0.0011
EPSS Percentile 1.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-787
Status published
Products (10)
linux/Kernel 6.19.0 - 7.0.7linux
Linux/Linux < 6.19
Linux/Linux 57557964b582238d5ee4b8538d1c4694f91c2186 - 3756043dd695bba34cc728cdc5688dcb49ac8043
Linux/Linux 57557964b582238d5ee4b8538d1c4694f91c2186 - 7dd57d7a6350770dfc283287125c409e995200e0
Linux/Linux 6.19
Linux/Linux 7.0.7 - 7.0.*
Linux/Linux 7.1
Linux/Linux 7.1-rc3
linux/linux_kernel 7.1 rc1 (2 CPE variants)
linux/linux_kernel 6.19 - 7.0.7
Published May 21, 2026
Tracked Since May 21, 2026