CVE-2026-31594

{"id": "CVE-2026-31594", "cveTags": [], "metrics": {}, "published": "2026-04-24T15:16:37.087", "references": [{"url": "https://git.kernel.org/stable/c/0da63230d3ec1ec5fcc443a2314233e95bfece54", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/478e776101592eb63298714e96823ef78a3295ec", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/73bf218de28d039126dc64281d2b47dd3c46a0a3", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/a7a3cab4d33fd8a8aed864c447d0d7c99e85404e", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/cec9ead73ab154a7953f6ab8dd5127e0d6bbf95a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}, {"url": "https://git.kernel.org/stable/c/e238ab12556b00f3b4d8b870b32ba1e4f4d4ebc2", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}], "vulnStatus": "Awaiting Analysis", "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown\n\nepf_ntb_epc_destroy() duplicates the teardown that the caller is\nsupposed to perform later. This leads to an oops when .allow_link fails\nor when .drop_link is performed. The following is an example oops of the\nformer case:\n\n Unable to handle kernel paging request at virtual address dead000000000108\n [...]\n [dead000000000108] address between user and kernel address ranges\n Internal error: Oops: 0000000096000044 [#1] SMP\n [...]\n Call trace:\n pci_epc_remove_epf+0x78/0xe0 (P)\n pci_primary_epc_epf_link+0x88/0xa8\n configfs_symlink+0x1f4/0x5a0\n vfs_symlink+0x134/0x1d8\n do_symlinkat+0x88/0x138\n __arm64_sys_symlinkat+0x74/0xe0\n [...]\n\nRemove the helper, and drop pci_epc_put(). EPC device refcounting is\ntied to the configfs EPC group lifetime, and pci_epc_put() in the\n.drop_link path is sufficient."}], "lastModified": "2026-04-27T14:16:44.113", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"}