Skip to main content

Linux Kernel EUVDEUVD-2026-32306

| CVE-2026-46009 MEDIUM
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-4fp6-v282-8q64
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
5.5 MEDIUM

Local low-privilege user triggers kernel oops via NTB link state transition; no confidentiality or integrity impact, availability impact is complete (kernel crash).

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 15:56 vuln.today
CVSS changed
Jun 16, 2026 - 15:37 NVD
5.5 (MEDIUM)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:17 nvd
MEDIUM 5.5
CVE Published
May 27, 2026 - 14:17 nvd
UNKNOWN (no severity yet)

DescriptionNVD

In the Linux kernel, the following vulnerability has been resolved:

PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown

epf_ntb_epc_destroy() duplicates the teardown that the caller is supposed to do later. This leads to an oops when .allow_link fails or when .drop_link is performed. Remove the helper.

Also drop pci_epc_put(). EPC device refcounting is tied to configfs EPC group lifetime, and pci_epc_put() in the .drop_link path is sufficient.

AnalysisAI

Duplicate resource teardown in the Linux kernel's PCI endpoint NTB (Non-Transparent Bridge) driver causes a kernel oops when link state transitions fail or complete, enabling a local low-privileged user to crash the kernel. The epf_ntb_epc_destroy() helper performs teardown that its callers also execute, resulting in a double-free-class condition. No public exploit code exists and no active exploitation has been confirmed (not in CISA KEV); the EPSS score of 0.02% at the 5th percentile reflects extremely low observed exploitation probability.

Technical ContextAI

The vulnerability resides in the Linux kernel's PCI endpoint subsystem, specifically the pci-epf-ntb driver (drivers/pci/endpoint/functions/pci-epf-ntb.c), which implements PCIe Non-Transparent Bridging endpoint function support. The epf_ntb_epc_destroy() helper duplicates resource teardown already performed by its callers, and additionally calls pci_epc_put() which violates EPC device reference counting invariants - those are tied to configfs EPC group lifetime and must only be released in the .drop_link path. When .allow_link fails or .drop_link is invoked, the double teardown produces a kernel oops. CWE is formally listed as N/A, but the root cause class is a duplicate resource release (analogous to CWE-415: Double Free) in kernel object lifecycle management. Affected CPE: cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*.

RemediationAI

Update the Linux kernel to a patched stable release: 6.6.140, 6.12.86, 6.18.27, or 7.0.4; users on the development branch should use 7.1-rc1 or later. Patch commits are available at https://git.kernel.org/stable/c/3446beddba450c8d6f9aca2f028712ac527fead3, https://git.kernel.org/stable/c/756ca5e7ed22d9045bb4de4c981f9149278d5cd3, https://git.kernel.org/stable/c/65fc57c8b8f0b31be62be291cb1bb01755cec85d, and related commits. If immediate patching is not feasible, unloading and blacklisting the pci-epf-ntb module (rmmod pci-epf-ntb and adding blacklist pci-epf-ntb to /etc/modprobe.d/) fully eliminates the attack surface, with the sole trade-off of losing PCIe NTB endpoint bridging functionality - acceptable on systems that do not rely on NTB interconnects.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise Desktop 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected
SUSE Linux Enterprise High Availability Extension 15 SP7 Not-Affected

Share

EUVD-2026-32306 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy