CVE-2026-31594

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown<br /> <br /> epf_ntb_epc_destroy() duplicates the teardown that the caller is<br /> supposed to perform later. This leads to an oops when .allow_link fails<br /> or when .drop_link is performed. The following is an example oops of the<br /> former case:<br /> <br /> Unable to handle kernel paging request at virtual address dead000000000108<br /> [...]<br /> [dead000000000108] address between user and kernel address ranges<br /> Internal error: Oops: 0000000096000044 [#1] SMP<br /> [...]<br /> Call trace:<br /> pci_epc_remove_epf+0x78/0xe0 (P)<br /> pci_primary_epc_epf_link+0x88/0xa8<br /> configfs_symlink+0x1f4/0x5a0<br /> vfs_symlink+0x134/0x1d8<br /> do_symlinkat+0x88/0x138<br /> __arm64_sys_symlinkat+0x74/0xe0<br /> [...]<br /> <br /> Remove the helper, and drop pci_epc_put(). EPC device refcounting is<br /> tied to the configfs EPC group lifetime, and pci_epc_put() in the<br /> .drop_link path is sufficient.