Skip to main content

Linux Kernel CVE-2026-43200

| EUVDEUVD-2026-27761 MEDIUM
2026-05-06 Linux GHSA-h3wc-x575-rqjq
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 11, 2026 - 20:22 vuln.today
CVSS changed
May 11, 2026 - 20:22 NVD
5.5 (MEDIUM)
Patch available
May 06, 2026 - 13:32 EUVD
CVE Published
May 06, 2026 - 11:28 nvd
MEDIUM 5.5

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions

struct configfs_item_operations callbacks are defined like the following:

int (*allow_link)(struct config_item *src, struct config_item *target); void (*drop_link)(struct config_item *src, struct config_item *target);

While pci_primary_epc_epf_link() and pci_secondary_epc_epf_link() specify the parameters in the correct order, pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink() specify the parameters in the wrong order, leading to the below kernel crash when using the unlink command in configfs:

Unable to handle kernel paging request at virtual address 0000000300000857 Mem abort info: ... pc : string+0x54/0x14c lr : vsnprintf+0x280/0x6e8 ... string+0x54/0x14c vsnprintf+0x280/0x6e8 vprintk_default+0x38/0x4c vprintk+0xc4/0xe0 pci_epf_unbind+0xdc/0x108 configfs_unlink+0xe0/0x208+0x44/0x74 vfs_unlink+0x120/0x29c __arm64_sys_unlinkat+0x3c/0x90 invoke_syscall+0x48/0x134 do_el0_svc+0x1c/0x30prop.0+0xd0/0xf0

[mani: cced stable, changed commit message as per https://lore.kernel.org/linux-pci/aV9joi3jF1R6ca02@ryzen]

AnalysisAI

Denial of service in Linux kernel PCI endpoint configfs interface allows local attackers with low privileges to crash the kernel via swapped parameters in pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink() functions. When executing the unlink command in configfs, incorrect parameter ordering causes invalid memory access and kernel panic. CVSS 5.5 (local, low complexity, low privilege) with EPSS 0.02% suggests limited real-world exploitation despite confirmed availability of patches across multiple kernel branches.

Technical ContextAI

The vulnerability exists in the Linux kernel's PCI endpoint (pci-ep) driver, specifically in configfs integration for managing PCI endpoint function (EPF) links. The configfs_item_operations structure defines callbacks with strict parameter ordering: allow_link(src, target) and drop_link(src, target). While the link functions correctly order parameters, the unlink functions reverse them, passing target as src and src as target. This causes subsequent code to dereference pointers with incorrect type expectations, leading to out-of-bounds memory access. The issue affects the PCI endpoint driver's ability to safely unbind EPF configurations through the configfs filesystem interface (CONFIG_PCI_ENDPOINT_CONFIGFS).

RemediationAI

Upgrade to patched kernel versions: 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.16, 6.19.6, 7.0, or later corresponding stable branches. For systems with custom kernel builds, apply the fix from git commit 733cbc3aa97e71cc70847e75c925b364cc9b04a6 (or equivalent backports: 58686bf62cb38b92e4b28408162a5703775b4d12, 1c96c1acef4b4a1108fc13f84a8ac0b0633bbb46, 142b1bba3299264b76ed8ef53cd93b2b2af65d6c, 339191811e6fc4559c4008c5af7a91b05086d596, aefc0e0bd20f54abe3b501b8798c0be656af272b). As a temporary workaround for affected environments actively using PCI endpoint configfs, disable CONFIG_PCI_ENDPOINT_CONFIGFS at compile time, though this removes configfs-based EPF management functionality. References: https://git.kernel.org/stable/c/733cbc3aa97e71cc70847e75c925b364cc9b04a6, https://nvd.nist.gov/vuln/detail/CVE-2026-43200

More in Amd

View all
CVE-2021-22986 CRITICAL POC
9.8 Mar 31

On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.

CVE-2020-6103 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6102 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6101 CRITICAL POC
9.9 Jul 20

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.

CVE-2020-6100 CRITICAL POC
9.9 Jul 20

An exploitable memory corruption vulnerability exists in AMD atidxx64.dll 26.20.15019.19000 graphics driver. Rated criti

CVE-2018-6546 CRITICAL POC
9.8 Apr 13

plays_service.exe in the plays.tv service before 1.27.7.0, as distributed in AMD driver-installation packages and Gaming

CVE-2021-3653 HIGH POC
8.8 Sep 29

A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. Rated high severity (CVSS 8.8), this vu

CVE-2020-12138 HIGH POC
8.8 Apr 27

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of se

CVE-2019-5098 HIGH POC
8.6 Dec 05

An exploitable out-of-bounds read vulnerability exists in AMD ATIDXX64.DLL driver, version 26.20.13001.29010. Rated high

CVE-2015-7724 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2015-7723 HIGH POC
7.8 Jun 07

AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack. Rated high severity (CVSS 7.8),

CVE-2023-1048 HIGH POC
7.8 Feb 26

A vulnerability, which was classified as critical, has been found in TechPowerUp Ryzen DRAM Calculator 1.2.0.5.sys. Rate

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43200 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy