In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown
epfntbepcdestroy() duplicates the teardown that the caller is supposed to do later. This leads to an oops when .allowlink fails or when .drop_link is performed. Remove the helper.
Also drop pciepcput(). EPC device refcounting is tied to configfs EPC group lifetime, and pciepcput() in the .drop_link path is sufficient.
{
"cna_assigner": "Linux",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/46xxx/CVE-2026-46009.json"
}