In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown epf_ntb_epc_destroy() duplicates the teardown that the caller is supposed to do later. This leads to an oops when .allow_link fails or when .drop_link is performed. Remove the helper. Also drop pci_epc_put(). EPC device refcounting is tied to configfs EPC group lifetime, and pci_epc_put() in the .drop_link path is sufficient.

A flaw was found in the Linux kernel, specifically within the PCI endpoint NTB (Non-Transparent Bridge) module. A programming error involving a duplicate resource teardown in the epf_ntb_epc_destroy() function can lead to a kernel 'oops', which is a system crash. This issue can be triggered during PCI link operations, such as allow_link or drop_link, potentially resulting in a denial of service for the affected system.

Red Hat Enterprise Linux 10 Not affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Not affected kernel Red Hat Enterprise Linux 9 Not affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-46009 https://nvd.nist.gov/vuln/detail/CVE-2026-46009 https://lore.kernel.org/linux-cve-announce/2026052744-CVE-2026-46009-9254@gregkh/T