CVE-2026-43097
Double Free in Linux Kernel PCI Hyper-V Driver
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's PCI Hyper-V driver (hv_pci). When the hv_pci_probe() function fails after storing a domain number, the domain number is freed twice due to overlapping cleanup routines. Specifically, pci_bus_release_emul_domain_nr() frees the domain number, and then the bridge release callback pci_release_host_bridge_dev() also frees it again. This double free triggers a warning indicating that ida_free was called on an ID that is not allocated.
The issue is fixed by removing the explicit free call in the pci-hyperv driver and allowing the PCI core to handle freeing the domain number properly.
How can this vulnerability impact me? :
The vulnerability causes a double free of a domain number ID in the PCI Hyper-V driver, which triggers kernel warnings. While the description does not explicitly mention exploitation or system crashes, double free bugs can potentially lead to memory corruption, instability, or denial of service in the kernel.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the system logs for specific warning messages related to the double free of domain numbers in the PCI Hyper-V driver.
Look for kernel warnings similar to the following in your system logs:
- ida_free called for id=XXXX which is not allocated.
- WARNING: lib/idr.c:594 at ida_free+0xdf/0x160
You can use commands like the following to check for these warnings in your logs:
- dmesg | grep ida_free
- journalctl -k | grep ida_free
- grep -i 'ida_free called for id' /var/log/kern.log
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not include any details about the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Linux kernel to a version where the pci-hyperv driver no longer explicitly frees the domain number, allowing the PCI core to handle it properly.
This fix prevents the double free by removing the explicit free call in the pci-hyperv driver during error cleanup.
If updating the kernel immediately is not possible, monitor for the warning messages and avoid using affected PCI Hyper-V features that trigger hv_pci_probe failures.