CVE-2025-39783

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Fix configfs group list head handling

Doing a listdel() on the epfgroup field of struct pciepfdriver in pciepfremovecfs() is not correct as this field is a list head, not a list entry. This listdel() call triggers a KASAN warning when an endpoint function driver which has a configfs attribute group is torn down:

================================================================== BUG: KASAN: slab-use-after-free in pciepfremove_cfs+0x17c/0x198 Write of size 8 at addr ffff00010f4a0d80 by task rmmod/319

CPU: 3 UID: 0 PID: 319 Comm: rmmod Not tainted 6.16.0-rc2 #1 NONE Hardware name: Radxa ROCK 5B (DT) Call trace: showstack+0x2c/0x84 (C) dumpstacklvl+0x70/0x98 printreport+0x17c/0x538 kasan_report+0xb8/0x190 __asanreportstore8noabort+0x20/0x2c pciepfremovecfs+0x17c/0x198 pciepfunregisterdriver+0x18/0x30 nvmetpciepfcleanupmodule+0x24/0x30 [nvmetpci_epf] __arm64sysdeletemodule+0x264/0x424 invokesyscall+0x70/0x260 el0svccommon.constprop.0+0xac/0x230 doel0svc+0x40/0x58 el0svc+0x48/0xdc el0t64synchandler+0x10c/0x138 el0t64sync+0x198/0x19c ...

Remove this incorrect listdel() call from pciepfremovecfs().