{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-31594","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-03-09T15:48:24.121Z","datePublished":"2026-04-24T14:42:20.556Z","dateUpdated":"2026-05-11T22:11:48.658Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T22:11:48.658Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown\n\nepf_ntb_epc_destroy() duplicates the teardown that the caller is\nsupposed to perform later. This leads to an oops when .allow_link fails\nor when .drop_link is performed. The following is an example oops of the\nformer case:\n\n  Unable to handle kernel paging request at virtual address dead000000000108\n  [...]\n  [dead000000000108] address between user and kernel address ranges\n  Internal error: Oops: 0000000096000044 [#1]  SMP\n  [...]\n  Call trace:\n   pci_epc_remove_epf+0x78/0xe0 (P)\n   pci_primary_epc_epf_link+0x88/0xa8\n   configfs_symlink+0x1f4/0x5a0\n   vfs_symlink+0x134/0x1d8\n   do_symlinkat+0x88/0x138\n   __arm64_sys_symlinkat+0x74/0xe0\n  [...]\n\nRemove the helper, and drop pci_epc_put(). EPC device refcounting is\ntied to the configfs EPC group lifetime, and pci_epc_put() in the\n.drop_link path is sufficient."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/pci/endpoint/functions/pci-epf-vntb.c"],"versions":[{"version":"e35f56bb03304abc92c928b641af41ca372966bb","lessThan":"e238ab12556b00f3b4d8b870b32ba1e4f4d4ebc2","status":"affected","versionType":"git"},{"version":"e35f56bb03304abc92c928b641af41ca372966bb","lessThan":"73bf218de28d039126dc64281d2b47dd3c46a0a3","status":"affected","versionType":"git"},{"version":"e35f56bb03304abc92c928b641af41ca372966bb","lessThan":"cec9ead73ab154a7953f6ab8dd5127e0d6bbf95a","status":"affected","versionType":"git"},{"version":"e35f56bb03304abc92c928b641af41ca372966bb","lessThan":"478e776101592eb63298714e96823ef78a3295ec","status":"affected","versionType":"git"},{"version":"e35f56bb03304abc92c928b641af41ca372966bb","lessThan":"a7a3cab4d33fd8a8aed864c447d0d7c99e85404e","status":"affected","versionType":"git"},{"version":"e35f56bb03304abc92c928b641af41ca372966bb","lessThan":"0da63230d3ec1ec5fcc443a2314233e95bfece54","status":"affected","versionType":"git"},{"version":"e2b6ef72b7aea9d7d480d2df499bcd1c93247abb","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/pci/endpoint/functions/pci-epf-vntb.c"],"versions":[{"version":"6.0","status":"affected"},{"version":"0","lessThan":"6.0","status":"unaffected","versionType":"semver"},{"version":"6.6.136","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.84","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.24","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"6.19.14","lessThanOrEqual":"6.19.*","status":"unaffected","versionType":"semver"},{"version":"7.0.1","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1-rc1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.6.136"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.12.84"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.18.24"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"6.19.14"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"7.0.1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0","versionEndExcluding":"7.1-rc1"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15.153"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/e238ab12556b00f3b4d8b870b32ba1e4f4d4ebc2"},{"url":"https://git.kernel.org/stable/c/73bf218de28d039126dc64281d2b47dd3c46a0a3"},{"url":"https://git.kernel.org/stable/c/cec9ead73ab154a7953f6ab8dd5127e0d6bbf95a"},{"url":"https://git.kernel.org/stable/c/478e776101592eb63298714e96823ef78a3295ec"},{"url":"https://git.kernel.org/stable/c/a7a3cab4d33fd8a8aed864c447d0d7c99e85404e"},{"url":"https://git.kernel.org/stable/c/0da63230d3ec1ec5fcc443a2314233e95bfece54"}],"title":"PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown","x_generator":{"engine":"bippy-1.2.0"}}}}