CVE-2026-43200
Awaiting Analysis Awaiting Analysis - Queue
PCI Endpoint Parameter Swap in Linux Kernel

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions struct configfs_item_operations callbacks are defined like the following: int (*allow_link)(struct config_item *src, struct config_item *target); void (*drop_link)(struct config_item *src, struct config_item *target); While pci_primary_epc_epf_link() and pci_secondary_epc_epf_link() specify the parameters in the correct order, pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink() specify the parameters in the wrong order, leading to the below kernel crash when using the unlink command in configfs: Unable to handle kernel paging request at virtual address 0000000300000857 Mem abort info: ... pc : string+0x54/0x14c lr : vsnprintf+0x280/0x6e8 ... string+0x54/0x14c vsnprintf+0x280/0x6e8 vprintk_default+0x38/0x4c vprintk+0xc4/0xe0 pci_epf_unbind+0xdc/0x108 configfs_unlink+0xe0/0x208+0x44/0x74 vfs_unlink+0x120/0x29c __arm64_sys_unlinkat+0x3c/0x90 invoke_syscall+0x48/0x134 do_el0_svc+0x1c/0x30prop.0+0xd0/0xf0 [mani: cced stable, changed commit message as per https://lore.kernel.org/linux-pci/aV9joi3jF1R6ca02@ryzen]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-06
Generated
2026-05-07
AI Q&A
2026-05-06
EPSS Evaluated
N/A
NVD
CVE-2026-43200
EUVD
EUVD-2026-27761
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's PCI endpoint code where two functions, pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink(), have their parameters swapped incorrectly compared to the expected order defined by struct configfs_item_operations callbacks.

Because of this parameter swap, when the unlink command is used in configfs, it causes a kernel crash due to an invalid memory access (kernel paging request failure). This crash occurs during the unlink operation, leading to instability in the kernel.


How can this vulnerability impact me? :

This vulnerability can cause the Linux kernel to crash when the unlink command is executed in configfs related to PCI endpoint functions. Such a crash can lead to system instability, potential denial of service, and unexpected reboots or downtime.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability causes a kernel crash when using the unlink command in configfs due to swapped parameters in pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink() functions.

Detection can involve monitoring for kernel crash logs or messages related to "Unable to handle kernel paging request" or crashes involving pci_epf_unbind, configfs_unlink, or vfs_unlink functions.

Specifically, checking kernel logs (e.g., using dmesg) for crash traces similar to the following can indicate the presence of this issue:

  • dmesg | grep -i 'Unable to handle kernel paging request'
  • dmesg | grep -E 'pci_epf_unbind|configfs_unlink|vfs_unlink'

Additionally, attempting to use the unlink command in configfs and observing if it triggers a kernel crash can help confirm the vulnerability.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability is resolved by fixing the swapped parameters in the pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink() functions in the Linux kernel.

Immediate mitigation steps include:

  • Update the Linux kernel to a version that includes the fix for this vulnerability.
  • Avoid using the unlink command in configfs on affected kernel versions until the patch is applied.
  • Monitor system stability and kernel logs for crashes related to this issue.

Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart