CVE-2026-46009 Linux CVE debrief

Who should care

Organizations running Linux systems with PCI Endpoint NTB hardware, particularly those in embedded, data center, or high-performance computing environments utilizing non-transparent bridge functionality for inter-processor communication.

Technical summary

The vulnerability resides in `drivers/pci/endpoint/functions/pci-epf-ntb.c`. The `epf_ntb_epc_destroy()` function incorrectly performs resource cleanup that duplicates caller responsibilities. This causes use-after-free conditions when the NTB link state changes, specifically during failed `.allow_link` operations or `.drop_link` execution. The fix removes the helper entirely and corrects reference counting by removing the extraneous `pci_epc_put()` call, relying instead on configfs-managed EPC group lifetime.

Defensive priority

medium

Recommended defensive actions

• Apply kernel updates containing the referenced stable tree commits
• Review systems utilizing PCI Endpoint NTB functionality for kernel stability
• Monitor kernel logs for oops messages related to NTB link operations during `.allow_link` or `.drop_link` events
• Validate NTB configurations in test environments before production deployment

Evidence notes

Vulnerability confirmed by Linux kernel stable tree commits. The issue manifests as a kernel oops during NTB link management operations. Multiple stable kernel branches received backported fixes.

Official resources