CVE-2026-46009

Summary

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown

epf_ntb_epc_destroy() duplicates the teardown that the caller is supposed to do later. This leads to an oops when .allow_link fails or when .drop_link is performed. Remove the helper.

Also drop pci_epc_put(). EPC device refcounting is tied to configfs EPC group lifetime, and pci_epc_put() in the .drop_link path is sufficient.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux8b821cf761503b80d0bd052f932adfe1bc1a0088 < c3029721b84f59e790285ad27544ed5d3cb0f2a6affected
LinuxLinux8b821cf761503b80d0bd052f932adfe1bc1a0088 < c72f6a7ea638f95c486a5cfd86e567b646027687affected
LinuxLinux8b821cf761503b80d0bd052f932adfe1bc1a0088 < 72099f015d3c77bf2eb703d1aab113bd7a60915aaffected
LinuxLinux8b821cf761503b80d0bd052f932adfe1bc1a0088 < 756ca5e7ed22d9045bb4de4c981f9149278d5cd3affected
LinuxLinux8b821cf761503b80d0bd052f932adfe1bc1a0088 < 65fc57c8b8f0b31be62be291cb1bb01755cec85daffected
LinuxLinux8b821cf761503b80d0bd052f932adfe1bc1a0088 < e813c95e4c8edd31599081e6356e20ada30e266daffected
LinuxLinux8b821cf761503b80d0bd052f932adfe1bc1a0088 < 3446beddba450c8d6f9aca2f028712ac527fead3affected
LinuxLinux5.12affected
LinuxLinux0 < 5.12unaffected
LinuxLinux5.15.209 <= 5.15.*unaffected
LinuxLinux6.1.175 <= 6.1.*unaffected
LinuxLinux6.6.140 <= 6.6.*unaffected
LinuxLinux6.12.86 <= 6.12.*unaffected
LinuxLinux6.18.27 <= 6.18.*unaffected
LinuxLinux7.0.4 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References