CVE Catalog

CVE-2026-46009

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.17%

7th percentile - higher than 7% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to duplicate resource teardown in the epf_ntb_epc_destroy() function. This may lead to system errors when the .allow_link operation fails or during the .drop_link execution.

Risk Assessment

This vulnerability may lead to system instability, which can affect the availability of services within the organization.

Recommendation

It is recommended to update the Linux kernel to the latest version to mitigate this vulnerability and ensure system stability.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown epf_ntb_epc_destroy() duplicates the teardown that the caller is supposed to do later. This leads to an oops when .allow_link fails or when .drop_link is performed. Remove the helper. Also drop pci_epc_put(). EPC device refcounting is tied to configfs EPC group lifetime, and pci_epc_put() in the .drop_link path is sufficient.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS