CVE-2026-46239
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk3th percentile - higher than 3% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel related to a runtime PM reference count leak in the i2c module for the ov5647 camera. The issue involves three control cases that do not call pm_runtime_put(), leading to reference count leaks.
Risk Assessment
The reference count leak may lead to inefficient resource management, potentially affecting the stability and performance of the system in the long run.
Recommendation
It is recommended to update the Linux kernel to a version where this vulnerability has been fixed to ensure proper runtime reference management.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl Three control cases (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) directly return without calling pm_runtime_put(), causing runtime PM reference count leaks. Change these cases from 'return' to 'ret = ... break' pattern to ensure pm_runtime_put() is always called before function exit.

