HIGHCVE-2026-43498Published Modified CNA Linux
CVE-2026-43498: accel/ivpu: Disallow re-exporting imported GEM objects
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom prime_handle_to_fd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting imported GEM buffers causes loss of buffer flags settings, leading to incorrect device access and data corruption.
Metrics
- CVSS v3.1
- 7.8
- Severity
- HIGH
- Fixed in
- 0
- Affected Products
- 2
Fix available
03756043dd695bba34cc728cdc5688dcb49ac80437.0.77.1-rc37dd57d7a6350770dfc283287125c409e995200e0
Affected packages
- Linux / Linux< 3756043dd695bba34cc728cdc5688dcb49ac8043 (from 57557964b582238d5ee4b8538d1c4694f91c2186) · < 7dd57d7a6350770dfc283287125c409e995200e0 (from 57557964b582238d5ee4b8538d1c4694f91c2186)
- Linux / Linux6.19Fixed in 0, 7.0.7, 7.1-rc3
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences