CVE-2026-46009
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
27/05/2026
Last modified:
16/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown<br />
<br />
epf_ntb_epc_destroy() duplicates the teardown that the caller is<br />
supposed to do later. This leads to an oops when .allow_link fails or<br />
when .drop_link is performed. Remove the helper.<br />
<br />
Also drop pci_epc_put(). EPC device refcounting is tied to configfs EPC<br />
group lifetime, and pci_epc_put() in the .drop_link path is sufficient.
Impact
Base Score 3.x
5.50
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.12 (including) | 5.15.209 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 5.16 (including) | 6.1.175 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.2 (including) | 6.6.140 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.7 (including) | 6.12.86 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.13 (including) | 6.18.27 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 6.19 (including) | 7.0.4 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/3446beddba450c8d6f9aca2f028712ac527fead3
- https://git.kernel.org/stable/c/65fc57c8b8f0b31be62be291cb1bb01755cec85d
- https://git.kernel.org/stable/c/72099f015d3c77bf2eb703d1aab113bd7a60915a
- https://git.kernel.org/stable/c/756ca5e7ed22d9045bb4de4c981f9149278d5cd3
- https://git.kernel.org/stable/c/c3029721b84f59e790285ad27544ed5d3cb0f2a6
- https://git.kernel.org/stable/c/c72f6a7ea638f95c486a5cfd86e567b646027687
- https://git.kernel.org/stable/c/e813c95e4c8edd31599081e6356e20ada30e266d



