CVE-2026-43200

Source
https://cve.org/CVERecord?id=CVE-2026-43200
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43200.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-43200
Downstream
Published
2026-05-06T11:28:06.904Z
Modified
2026-06-18T03:55:59.515085880Z
Summary
PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions
Details

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}epcepf_unlink() functions

struct configfsitemoperations callbacks are defined like the following:

int (*allowlink)(struct configitem *src, struct configitem *target); void (*droplink)(struct configitem *src, struct configitem *target);

While pciprimaryepcepflink() and pcisecondaryepcepflink() specify the parameters in the correct order, pciprimaryepcepfunlink() and pcisecondaryepcepfunlink() specify the parameters in the wrong order, leading to the below kernel crash when using the unlink command in configfs:

Unable to handle kernel paging request at virtual address 0000000300000857 Mem abort info: ... pc : string+0x54/0x14c lr : vsnprintf+0x280/0x6e8 ... string+0x54/0x14c vsnprintf+0x280/0x6e8 vprintkdefault+0x38/0x4c vprintk+0xc4/0xe0 pciepfunbind+0xdc/0x108 configfsunlink+0xe0/0x208+0x44/0x74 vfs_unlink+0x120/0x29c _arm64sysunlinkat+0x3c/0x90 invokesyscall+0x48/0x134 doel0svc+0x1c/0x30prop.0+0xd0/0xf0

[mani: cced stable, changed commit message as per https://lore.kernel.org/linux-pci/aV9joi3jF1R6ca02@ryzen]

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43200.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e85a2d7837622bd99c96f5bbc7f972da90c285a2
Fixed
58686bf62cb38b92e4b28408162a5703775b4d12
Fixed
1c96c1acef4b4a1108fc13f84a8ac0b0633bbb46
Fixed
142b1bba3299264b76ed8ef53cd93b2b2af65d6c
Fixed
339191811e6fc4559c4008c5af7a91b05086d596
Fixed
733cbc3aa97e71cc70847e75c925b364cc9b04a6
Fixed
aefc0e0bd20f54abe3b501b8798c0be656af272b
Fixed
8754dd7639ab0fd68c3ab9d91c7bdecc3e5740a8

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43200.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.12.0
Fixed
5.15.202
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.165
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.128
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43200.json"