CVE-2026-43200
Analyzed Analyzed - Analysis Complete
PCI Endpoint Parameter Swap in Linux Kernel

Publication date: 2026-05-06

Last updated on: 2026-05-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions struct configfs_item_operations callbacks are defined like the following: int (*allow_link)(struct config_item *src, struct config_item *target); void (*drop_link)(struct config_item *src, struct config_item *target); While pci_primary_epc_epf_link() and pci_secondary_epc_epf_link() specify the parameters in the correct order, pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink() specify the parameters in the wrong order, leading to the below kernel crash when using the unlink command in configfs: Unable to handle kernel paging request at virtual address 0000000300000857 Mem abort info: ... pc : string+0x54/0x14c lr : vsnprintf+0x280/0x6e8 ... string+0x54/0x14c vsnprintf+0x280/0x6e8 vprintk_default+0x38/0x4c vprintk+0xc4/0xe0 pci_epf_unbind+0xdc/0x108 configfs_unlink+0xe0/0x208+0x44/0x74 vfs_unlink+0x120/0x29c __arm64_sys_unlinkat+0x3c/0x90 invoke_syscall+0x48/0x134 do_el0_svc+0x1c/0x30prop.0+0xd0/0xf0 [mani: cced stable, changed commit message as per https://lore.kernel.org/linux-pci/aV9joi3jF1R6ca02@ryzen]
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-11
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-43200
EUVD
EUVD-2026-27761
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.2 (inc) to 6.6.128 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.16 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 5.16 (inc) to 6.1.165 (exc)
linux linux_kernel From 5.12 (inc) to 5.15.202 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's PCI endpoint code where two functions, pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink(), have their parameters swapped incorrectly compared to the expected order defined by struct configfs_item_operations callbacks.

Because of this parameter swap, when the unlink command is used in configfs, it causes a kernel crash due to an invalid memory access (kernel paging request failure). This crash occurs during the unlink operation, leading to instability in the kernel.

Impact Analysis

This vulnerability can cause the Linux kernel to crash when the unlink command is executed in configfs related to PCI endpoint functions. Such a crash can lead to system instability, potential denial of service, and unexpected reboots or downtime.

Detection Guidance

This vulnerability causes a kernel crash when using the unlink command in configfs due to swapped parameters in pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink() functions.

Detection can involve monitoring for kernel crash logs or messages related to "Unable to handle kernel paging request" or crashes involving pci_epf_unbind, configfs_unlink, or vfs_unlink functions.

Specifically, checking kernel logs (e.g., using dmesg) for crash traces similar to the following can indicate the presence of this issue:

  • dmesg | grep -i 'Unable to handle kernel paging request'
  • dmesg | grep -E 'pci_epf_unbind|configfs_unlink|vfs_unlink'

Additionally, attempting to use the unlink command in configfs and observing if it triggers a kernel crash can help confirm the vulnerability.

Mitigation Strategies

The vulnerability is resolved by fixing the swapped parameters in the pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink() functions in the Linux kernel.

Immediate mitigation steps include:

  • Update the Linux kernel to a version that includes the fix for this vulnerability.
  • Avoid using the unlink command in configfs on affected kernel versions until the patch is applied.
  • Monitor system stability and kernel logs for crashes related to this issue.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43200. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart