Description
In the Linux kernel, the following vulnerability has been resolved:

accel/ivpu: Disallow re-exporting imported GEM objects

Prevent re-exporting of imported GEM buffers by adding a custom
prime_handle_to_fd callback that checks if the object is imported
and returns -EOPNOTSUPP if so.

Re-exporting imported GEM buffers causes loss of buffer flags settings,
leading to incorrect device access and data corruption.
Published: 2026-05-21
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel’s accel/ivpu subsystem performed GEM buffer handling. A flaw allowed callers to re‑export imported GEM buffers, which caused the buffer’s flag settings to be lost. The loss of these settings could lead the driver to treat subsequent accesses to the buffer incorrectly and result in data corruption. The issue was fixed by adding a custom prime_handle_to_fd callback that checks whether the object has been imported and returns –EOPNOTSUPP, thereby preventing re‑export.

Affected Systems

Any Linux kernel that includes the accel/ivpu driver and GEM buffer handling logic before the patch. The CPE string indicates a generic Linux kernel, and no specific version ranges are provided, meaning any kernel built with this subsystem before the commit is affected.

Risk and Exploitability

The EPSS score of 0.00024 (0.024%) indicates a very low exploitation probability, and the vulnerability is not listed in CISA’s KEV catalog. The kernel code that manages GEM buffers is a core driver component, so exploitation would typically require local or privileged interaction with the graphics subsystem. Based on the description, it is inferred that re‑exporting imported GEM buffers could lead to data corruption, but no details on privilege escalation or remote exploitation are provided.

Generated by OpenCVE AI on May 30, 2026 at 13:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to a Linux kernel revision that includes the commit disabling re‑exporting of imported GEM buffers
  • If an upgrade cannot be applied immediately, disable the accel/ivpu driver or other GPU drivers that perform GEM buffer exports until the fix is applied
  • Monitor kernel logs for attempts to re‑export GEM buffers and configure alerts to detect such events

Generated by OpenCVE AI on May 30, 2026 at 13:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 30 May 2026 11:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 22 May 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-265
CWE-284

Fri, 22 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-911
References

Thu, 21 May 2026 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-265
CWE-284

Thu, 21 May 2026 12:30:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom prime_handle_to_fd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting imported GEM buffers causes loss of buffer flags settings, leading to incorrect device access and data corruption.
Title accel/ivpu: Disallow re-exporting imported GEM objects
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-30T10:45:17.045Z

Reserved: 2026-05-01T14:12:56.014Z

Link: CVE-2026-43498

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-21T13:16:19.200

Modified: 2026-05-30T11:17:06.327

Link: CVE-2026-43498

cve-icon Redhat

Severity :

Publid Date: 2026-05-21T00:00:00Z

Links: CVE-2026-43498 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-30T13:15:24Z

Weaknesses
  • CWE-911

    Improper Update of Reference Count