CVE-2026-43498: accel/ivpu: Disallow re-exporting imported GEM objects

Published May 21, 2026

Updated

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom prime_handle_to_fd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting imported GEM buffers causes loss of buffer flags settings, leading to incorrect device access and data corruption.

Affected Software

1 affected component

Linux Linux kernel

Event History

May 21, 2026

CVE Published

via MITRE·12:17 PM

Data Sourced

via MITRE·12:17 PM

Description

Data Sourced

via NVD·01:16 PM

Description

Frequently Asked Questions

What is the severity of CVE-2026-43498?

CVE-2026-43498 has a risk rating of 37, indicating a moderate severity level.

What systems are affected by CVE-2026-43498?

CVE-2026-43498 affects the Linux kernel related to the accel/ivpu subsystem.

How do I fix CVE-2026-43498?

To fix CVE-2026-43498, ensure that you upgrade to the patched version of the Linux kernel that resolves this vulnerability.

What is the main issue described in CVE-2026-43498?

CVE-2026-43498 addresses the improper handling of imported GEM objects by disallowing their re-exporting.

When was CVE-2026-43498 published?

CVE-2026-43498 was published on May 21, 2026.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.