Home

Description

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown epf_ntb_epc_destroy() duplicates the teardown that the caller is supposed to do later. This leads to an oops when .allow_link fails or when .drop_link is performed. Remove the helper. Also drop pci_epc_put(). EPC device refcounting is tied to configfs EPC group lifetime, and pci_epc_put() in the .drop_link path is sufficient.

PUBLISHED Reserved 2026-05-13 | Published 2026-05-27 | Updated 2026-06-01 | Assigner Linux

Product status

Default status
unaffected

8b821cf761503b80d0bd052f932adfe1bc1a0088 (git) before c3029721b84f59e790285ad27544ed5d3cb0f2a6
affected

8b821cf761503b80d0bd052f932adfe1bc1a0088 (git) before c72f6a7ea638f95c486a5cfd86e567b646027687
affected

8b821cf761503b80d0bd052f932adfe1bc1a0088 (git) before 72099f015d3c77bf2eb703d1aab113bd7a60915a
affected

8b821cf761503b80d0bd052f932adfe1bc1a0088 (git) before 756ca5e7ed22d9045bb4de4c981f9149278d5cd3
affected

8b821cf761503b80d0bd052f932adfe1bc1a0088 (git) before 65fc57c8b8f0b31be62be291cb1bb01755cec85d
affected

8b821cf761503b80d0bd052f932adfe1bc1a0088 (git) before e813c95e4c8edd31599081e6356e20ada30e266d
affected

8b821cf761503b80d0bd052f932adfe1bc1a0088 (git) before 3446beddba450c8d6f9aca2f028712ac527fead3
affected

Default status
affected

5.12
affected

Any version before 5.12
unaffected

5.15.209 (semver)
unaffected

6.1.175 (semver)
unaffected

6.6.140 (semver)
unaffected

6.12.86 (semver)
unaffected

6.18.27 (semver)
unaffected

7.0.4 (semver)
unaffected

7.1-rc1 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/c3029721b84f59e790285ad27544ed5d3cb0f2a6

git.kernel.org/...c/c72f6a7ea638f95c486a5cfd86e567b646027687

git.kernel.org/...c/72099f015d3c77bf2eb703d1aab113bd7a60915a

git.kernel.org/...c/756ca5e7ed22d9045bb4de4c981f9149278d5cd3

git.kernel.org/...c/65fc57c8b8f0b31be62be291cb1bb01755cec85d

git.kernel.org/...c/e813c95e4c8edd31599081e6356e20ada30e266d

git.kernel.org/...c/3446beddba450c8d6f9aca2f028712ac527fead3

cve.org (CVE-2026-46009)

nvd.nist.gov (CVE-2026-46009)

Download JSON