CVE-2026-46009 PUBLISHED

PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown

Assigner: Linux
Reserved: 13.05.2026 Published: 27.05.2026 Updated: 27.05.2026

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown

epf_ntb_epc_destroy() duplicates the teardown that the caller is supposed to do later. This leads to an oops when .allow_link fails or when .drop_link is performed. Remove the helper.

Also drop pci_epc_put(). EPC device refcounting is tied to configfs EPC group lifetime, and pci_epc_put() in the .drop_link path is sufficient.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 8b821cf761503b80d0bd052f932adfe1bc1a0088 to 72099f015d3c77bf2eb703d1aab113bd7a60915a (excl.)
  • affected from 8b821cf761503b80d0bd052f932adfe1bc1a0088 to 756ca5e7ed22d9045bb4de4c981f9149278d5cd3 (excl.)
  • affected from 8b821cf761503b80d0bd052f932adfe1bc1a0088 to 65fc57c8b8f0b31be62be291cb1bb01755cec85d (excl.)
  • affected from 8b821cf761503b80d0bd052f932adfe1bc1a0088 to e813c95e4c8edd31599081e6356e20ada30e266d (excl.)
  • affected from 8b821cf761503b80d0bd052f932adfe1bc1a0088 to 3446beddba450c8d6f9aca2f028712ac527fead3 (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 5.12 is affected
  • unaffected from 0 to 5.12 (excl.)
  • unaffected from 6.6.140 to 6.6.* (incl.)
  • unaffected from 6.12.86 to 6.12.* (incl.)
  • unaffected from 6.18.27 to 6.18.* (incl.)
  • unaffected from 7.0.4 to 7.0.* (incl.)
  • unaffected from 7.1-rc1 to * (incl.)

References