Linux Kernel PCI Hyper-V Driver Vulnerability in Domain Number Handling
CVE-2026-43097

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 6 May 2026

What is CVE-2026-43097?

A vulnerability exists in the Linux kernel's PCI Hyper-V driver related to improper handling of the domain number during error cleanup. When the hv_pci_probe() function fails, it results in a situation where the domain number is freed twice. This dual free can trigger warnings in the system log, indicating the attempt to release an unallocated ID. To mitigate this issue, the kernel has been updated to allow the PCI core to manage the domain number's memory release appropriately, preventing potential system instability.

Affected Version(s)

Linux bcce8c74f1ce1e2731ac0261287897e3768767d8 < 21bc8e0ba5c2a081b0a2808c976d4c9dbddf1e48

Linux bcce8c74f1ce1e2731ac0261287897e3768767d8

Linux 6.19

References

https://git.kernel.org/stable/c/21bc8e0ba5c2a081b0a2808c9...

https://git.kernel.org/stable/c/b6422dff0e518245019233432...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 6, 2026
Vulnerability Reserved
May 1, 2026

CVE-2026-43097 Data

JSON