CVE-2026-31594

MEDIUM EPSS 2.4%
Published Apr 24, 20262mo ago · Modified Jun 17, 20262w ago
5.5 CVSS 3.1
Medium
Find Similar
Published Apr 24, 2026 2mo ago
Last Modified Jun 17, 2026 2w ago

Description

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown epf_ntb_epc_destroy() duplicates the teardown that the caller is supposed to perform later. This leads to an oops when .allow_link fails or when .drop_link is performed. The following is an example oops of the former case: Unable to handle kernel paging request at virtual address dead000000000108 [...] [dead000000000108] address between user and kernel address ranges Internal error: Oops: 0000000096000044 [#1] SMP [...] Call trace: pci_epc_remove_epf+0x78/0xe0 (P) pci_primary_epc_epf_link+0x88/0xa8 configfs_symlink+0x1f4/0x5a0 vfs_symlink+0x134/0x1d8 do_symlinkat+0x88/0x138 __arm64_sys_symlinkat+0x74/0xe0 [...] Remove the helper, and drop pci_epc_put(). EPC device refcounting is tied to the configfs EPC group lifetime, and pci_epc_put() in the .drop_link path is sufficient.

CVSS Details

Base Score
5.5
Exploitability
1.8
Impact
3.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.4% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 5

VendorProductVersionRange
linuxlinux_kernel*≥6.0  –  <6.6.136
linuxlinux_kernel*≥6.7  –  <6.12.84
linuxlinux_kernel*≥6.13  –  <6.18.24
linuxlinux_kernel*≥6.19  –  <6.19.14
linuxlinux_kernel*≥7.0  –  <7.0.1

References 8

  • git.kernel.org https://git.kernel.org/stable/c/0da63230d3ec1ec5fcc443a2314233e95bfece54
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/305a0674bc552bfcc3231e23fb91cf4f62aec168
  • git.kernel.org https://git.kernel.org/stable/c/478e776101592eb63298714e96823ef78a3295ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/73bf218de28d039126dc64281d2b47dd3c46a0a3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a7a3cab4d33fd8a8aed864c447d0d7c99e85404e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/b261027a1a235d8925e332363f23135a0eff2b35
  • git.kernel.org https://git.kernel.org/stable/c/cec9ead73ab154a7953f6ab8dd5127e0d6bbf95a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e238ab12556b00f3b4d8b870b32ba1e4f4d4ebc2
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/0da63230d3ec1ec5fcc443a2314233e95bfece54
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/478e776101592eb63298714e96823ef78a3295ec
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/73bf218de28d039126dc64281d2b47dd3c46a0a3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/a7a3cab4d33fd8a8aed864c447d0d7c99e85404e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/cec9ead73ab154a7953f6ab8dd5127e0d6bbf95a
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/e238ab12556b00f3b4d8b870b32ba1e4f4d4ebc2
    Patch