In the Linux kernel, the following vulnerability has been resolved:
PCI: hv: Fix double idafree in hvpci_probe error path
If hvpciprobe() fails after storing the domain number in hbus->bridge->domainnr, there is a call to free this domainnr via pcibusreleaseemuldomainnr(), however, during cleanup, the bridge release callback pcireleasehostbridgedev() also frees the domainnr causing ida_free to be called on same ID twice and triggering following warning:
idafree called for id=28971 which is not allocated. WARNING: lib/idr.c:594 at idafree+0xdf/0x160, CPU#0: kworker/0:2/198 Call Trace: pcibusreleaseemuldomainnr+0x17/0x20 pcireleasehostbridgedev+0x4b/0x60 devicerelease+0x3b/0xa0 kobjectput+0x8e/0x220 devmpciallochostbridgerelease+0xe/0x20 devresreleaseall+0x9a/0xd0 deviceunbindcleanup+0x12/0xa0 reallyprobe+0x1c5/0x3f0 vmbusaddchannelwork+0x135/0x1a0
Fix this by letting pci core handle the free domain_nr and remove the explicit free called in pci-hyperv driver.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43097.json",
"cna_assigner": "Linux"
}