CVE Catalog

CVE-2026-46239

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.01%

3th percentile - higher than 3% of all known CVEs

Summary

A vulnerability has been identified in the Linux kernel related to a runtime PM reference count leak in the i2c module for the ov5647 camera. The issue involves three control cases that do not call pm_runtime_put(), leading to reference count leaks.

Risk Assessment

The reference count leak may lead to inefficient resource management, potentially affecting the stability and performance of the system in the long run.

Recommendation

It is recommended to update the Linux kernel to a version where this vulnerability has been fixed to ensure proper runtime reference management.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl Three control cases (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) directly return without calling pm_runtime_put(), causing runtime PM reference count leaks. Change these cases from 'return' to 'ret = ... break' pattern to ensure pm_runtime_put() is always called before function exit.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS