CVE-2026-43200

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions<br /> <br /> struct configfs_item_operations callbacks are defined like the following:<br /> <br /> int (*allow_link)(struct config_item *src, struct config_item *target);<br /> void (*drop_link)(struct config_item *src, struct config_item *target);<br /> <br /> While pci_primary_epc_epf_link() and pci_secondary_epc_epf_link() specify<br /> the parameters in the correct order, pci_primary_epc_epf_unlink() and<br /> pci_secondary_epc_epf_unlink() specify the parameters in the wrong order,<br /> leading to the below kernel crash when using the unlink command in<br /> configfs:<br /> <br /> Unable to handle kernel paging request at virtual address 0000000300000857<br /> Mem abort info:<br /> ...<br /> pc : string+0x54/0x14c<br /> lr : vsnprintf+0x280/0x6e8<br /> ...<br /> string+0x54/0x14c<br /> vsnprintf+0x280/0x6e8<br /> vprintk_default+0x38/0x4c<br /> vprintk+0xc4/0xe0<br /> pci_epf_unbind+0xdc/0x108<br /> configfs_unlink+0xe0/0x208+0x44/0x74<br /> vfs_unlink+0x120/0x29c<br /> __arm64_sys_unlinkat+0x3c/0x90<br /> invoke_syscall+0x48/0x134<br /> do_el0_svc+0x1c/0x30prop.0+0xd0/0xf0<br /> <br /> [mani: cced stable, changed commit message as per https://lore.kernel.org/linux-pci/aV9joi3jF1R6ca02@ryzen]