Home

Description

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions struct configfs_item_operations callbacks are defined like the following: int (*allow_link)(struct config_item *src, struct config_item *target); void (*drop_link)(struct config_item *src, struct config_item *target); While pci_primary_epc_epf_link() and pci_secondary_epc_epf_link() specify the parameters in the correct order, pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink() specify the parameters in the wrong order, leading to the below kernel crash when using the unlink command in configfs: Unable to handle kernel paging request at virtual address 0000000300000857 Mem abort info: ... pc : string+0x54/0x14c lr : vsnprintf+0x280/0x6e8 ... string+0x54/0x14c vsnprintf+0x280/0x6e8 vprintk_default+0x38/0x4c vprintk+0xc4/0xe0 pci_epf_unbind+0xdc/0x108 configfs_unlink+0xe0/0x208+0x44/0x74 vfs_unlink+0x120/0x29c __arm64_sys_unlinkat+0x3c/0x90 invoke_syscall+0x48/0x134 do_el0_svc+0x1c/0x30prop.0+0xd0/0xf0 [mani: cced stable, changed commit message as per https://lore.kernel.org/linux-pci/aV9joi3jF1R6ca02@ryzen]

PUBLISHED Reserved 2026-05-01 | Published 2026-05-06 | Updated 2026-05-06 | Assigner Linux

Product status

Default status
unaffected

e85a2d7837622bd99c96f5bbc7f972da90c285a2 (git) before 58686bf62cb38b92e4b28408162a5703775b4d12
affected

e85a2d7837622bd99c96f5bbc7f972da90c285a2 (git) before 1c96c1acef4b4a1108fc13f84a8ac0b0633bbb46
affected

e85a2d7837622bd99c96f5bbc7f972da90c285a2 (git) before 142b1bba3299264b76ed8ef53cd93b2b2af65d6c
affected

e85a2d7837622bd99c96f5bbc7f972da90c285a2 (git) before 339191811e6fc4559c4008c5af7a91b05086d596
affected

e85a2d7837622bd99c96f5bbc7f972da90c285a2 (git) before 733cbc3aa97e71cc70847e75c925b364cc9b04a6
affected

e85a2d7837622bd99c96f5bbc7f972da90c285a2 (git) before aefc0e0bd20f54abe3b501b8798c0be656af272b
affected

e85a2d7837622bd99c96f5bbc7f972da90c285a2 (git) before 8754dd7639ab0fd68c3ab9d91c7bdecc3e5740a8
affected

Default status
affected

5.12
affected

Any version before 5.12
unaffected

5.15.202 (semver)
unaffected

6.1.165 (semver)
unaffected

6.6.128 (semver)
unaffected

6.12.75 (semver)
unaffected

6.18.16 (semver)
unaffected

6.19.6 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/58686bf62cb38b92e4b28408162a5703775b4d12

git.kernel.org/...c/1c96c1acef4b4a1108fc13f84a8ac0b0633bbb46

git.kernel.org/...c/142b1bba3299264b76ed8ef53cd93b2b2af65d6c

git.kernel.org/...c/339191811e6fc4559c4008c5af7a91b05086d596

git.kernel.org/...c/733cbc3aa97e71cc70847e75c925b364cc9b04a6

git.kernel.org/...c/aefc0e0bd20f54abe3b501b8798c0be656af272b

git.kernel.org/...c/8754dd7639ab0fd68c3ab9d91c7bdecc3e5740a8

cve.org (CVE-2026-43200)

nvd.nist.gov (CVE-2026-43200)

Download JSON