Home

Description

In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix double ida_free in hv_pci_probe error path If hv_pci_probe() fails after storing the domain number in hbus->bridge->domain_nr, there is a call to free this domain_nr via pci_bus_release_emul_domain_nr(), however, during cleanup, the bridge release callback pci_release_host_bridge_dev() also frees the domain_nr causing ida_free to be called on same ID twice and triggering following warning: ida_free called for id=28971 which is not allocated. WARNING: lib/idr.c:594 at ida_free+0xdf/0x160, CPU#0: kworker/0:2/198 Call Trace: pci_bus_release_emul_domain_nr+0x17/0x20 pci_release_host_bridge_dev+0x4b/0x60 device_release+0x3b/0xa0 kobject_put+0x8e/0x220 devm_pci_alloc_host_bridge_release+0xe/0x20 devres_release_all+0x9a/0xd0 device_unbind_cleanup+0x12/0xa0 really_probe+0x1c5/0x3f0 vmbus_add_channel_work+0x135/0x1a0 Fix this by letting pci core handle the free domain_nr and remove the explicit free called in pci-hyperv driver.

PUBLISHED Reserved 2026-05-01 | Published 2026-05-06 | Updated 2026-05-06 | Assigner Linux

Product status

Default status
unaffected

bcce8c74f1ce1e2731ac0261287897e3768767d8 (git) before 21bc8e0ba5c2a081b0a2808c976d4c9dbddf1e48
affected

bcce8c74f1ce1e2731ac0261287897e3768767d8 (git) before b6422dff0e518245019233432b6bccfc30b73e2f
affected

Default status
affected

6.19
affected

Any version before 6.19
unaffected

6.19.14 (semver)
unaffected

7.0 (original_commit_for_fix)
unaffected

References

git.kernel.org/...c/21bc8e0ba5c2a081b0a2808c976d4c9dbddf1e48

git.kernel.org/...c/b6422dff0e518245019233432b6bccfc30b73e2f

cve.org (CVE-2026-43097)

nvd.nist.gov (CVE-2026-43097)

Download JSON