CVE-2026-43498

Linux · kernel

A flaw in the Linux kernel's IVPU (Intel Versatile Processing Unit) accelerator driver allows imported GEM objects to be re-exported without authorization.

Executive summary

An access control vulnerability in the Linux kernel IVPU driver could allow for unauthorized memory access via GEM object re-exporting.

Vulnerability

The vulnerability stems from a missing restriction in the IVPU accelerator driver, which allows imported GEM buffers to be re-exported. Because the driver does not return -EOPNOTSUPP for imported objects, it permits improper handle-to-fd conversions.

Business impact

With a CVSS score of 7.8 (High), this vulnerability poses a risk to systems utilizing Intel accelerator hardware. Unauthorized access to GEM memory handles could lead to information disclosure or potential escalation of privileges by manipulating shared graphics/compute memory.

Remediation

Immediate Action: Update the Linux kernel to the latest version to include the patch that disallows re-exporting of imported GEM objects.

Proactive Monitoring: Monitor system logs for driver-related errors and restrict user access to accelerator device nodes.

Compensating Controls: Apply strict permissions to device nodes associated with the IVPU driver to prevent unauthorized usage by unprivileged users.
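
The device-node check described under Compensating Controls can be scripted. The following is an added example, not part of the original advisory or the kernel project; it assumes the accelerator nodes appear as /dev/accel/accel<N> and that the driver module is named intel_vpu, neither of which is stated on this page.

```shell
#!/bin/sh
# Added example: audit accelerator device-node permissions.
# Assumptions (not from the advisory): nodes are /dev/accel/accel<N>,
# and the IVPU driver module is listed as "intel_vpu" in /proc/modules.

# ivpu_loaded [MODULES_FILE]: succeed if the intel_vpu module is listed.
ivpu_loaded() {
    grep -q '^intel_vpu ' "${1:-/proc/modules}" 2>/dev/null
}

# world_accessible_nodes [DIR]: print every accel* node whose mode grants
# any permission to "other". Returns 1 if at least one such node exists.
world_accessible_nodes() {
    dir="${1:-/dev/accel}"
    found=0
    for node in "$dir"/accel*; do
        [ -e "$node" ] || continue            # glob matched nothing
        mode=$(stat -c '%a' "$node") || continue
        other=${mode#"${mode%?}"}             # last octal digit = "other" bits
        if [ "$other" != "0" ]; then
            printf '%s mode=%s owner=%s\n' \
                "$node" "$mode" "$(stat -c '%U:%G' "$node")"
            found=1
        fi
    done
    [ "$found" -eq 0 ]
}

# Run as: sh audit.sh audit
if [ "${1:-}" = "audit" ]; then
    if ivpu_loaded; then
        echo "intel_vpu module is loaded"
    else
        echo "intel_vpu module is not loaded"
    fi
    if world_accessible_nodes; then
        echo "no world-accessible accel nodes found"
    else
        echo "nodes listed above are open to all local users; restrict them"
        exit 1
    fi
fi
```

A non-zero exit status means at least one node is usable by every local account, which is the condition the compensating control is meant to remove.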

Exploitation status

Public Exploit Available: false

Analyst recommendation

Users of Intel-based hardware with IVPU support should prioritize this kernel update to prevent potential memory access violations.