In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}epcepf_unlink() functions
struct configfsitemoperations callbacks are defined like the following:
int (*allowlink)(struct configitem *src, struct configitem *target); void (*droplink)(struct configitem *src, struct configitem *target);
While pciprimaryepcepflink() and pcisecondaryepcepflink() specify the parameters in the correct order, pciprimaryepcepfunlink() and pcisecondaryepcepfunlink() specify the parameters in the wrong order, leading to the below kernel crash when using the unlink command in configfs:
Unable to handle kernel paging request at virtual address 0000000300000857 Mem abort info: ... pc : string+0x54/0x14c lr : vsnprintf+0x280/0x6e8 ... string+0x54/0x14c vsnprintf+0x280/0x6e8 vprintkdefault+0x38/0x4c vprintk+0xc4/0xe0 pciepfunbind+0xdc/0x108 configfsunlink+0xe0/0x208+0x44/0x74 vfs_unlink+0x120/0x29c _arm64sysunlinkat+0x3c/0x90 invokesyscall+0x48/0x134 doel0svc+0x1c/0x30prop.0+0xd0/0xf0
[mani: cced stable, changed commit message as per https://lore.kernel.org/linux-pci/aV9joi3jF1R6ca02@ryzen]
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43200.json"
}