CVE-2026-43312
Received Received - Intake
Linux Kernel Media Driver ov5647 Subdev Initialization Flaw

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Initialize subdev before controls In ov5647_init_controls() we call v4l2_get_subdevdata, but it is initialized by v4l2_i2c_subdev_init() in the probe, which currently happens after init_controls(). This can result in a segfault if the error condition is hit, and we try to access i2c_client, so fix the order.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-05-09
AI Q&A
2026-05-08
EPSS Evaluated
N/A
NVD
CVE-2026-43312
EUVD
EUVD-2026-28582
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's media i2c driver for the ov5647 device. The issue arises because the sub-device is not initialized before controls are set up. Specifically, the function ov5647_init_controls() calls v4l2_get_subdevdata, but the sub-device initialization via v4l2_i2c_subdev_init() happens later in the probe function. This incorrect order can cause a segmentation fault if an error condition occurs and the code tries to access the i2c_client before it is properly initialized.


How can this vulnerability impact me? :

This vulnerability can cause a segmentation fault in the Linux kernel when the ov5647 driver encounters an error condition. A segmentation fault can lead to a kernel crash or instability, potentially causing system downtime or requiring a reboot.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart