CVE-2026-46239
Runtime PM Refcount Leak in Linux Kernel ov5647 Camera Driver
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's media i2c driver for the ov5647 device. Specifically, three control cases (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) in the code return early without calling the function pm_runtime_put(), which leads to a runtime power management (PM) reference count leak.
The fix changes these early returns to a pattern that ensures pm_runtime_put() is always called before the function exits, preventing the reference count leak.
How can this vulnerability impact me? :
The impact of this vulnerability is a runtime power management reference count leak in the Linux kernel's media i2c driver for the ov5647 device. This leak can cause improper power management behavior, potentially leading to increased power consumption or resource exhaustion related to power management.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed by updating the Linux kernel to a version where the runtime PM refcount leak in the ov5647 i2c driver is resolved.
Specifically, ensure your system is running a kernel version that includes the patch changing the control cases (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) to call pm_runtime_put() properly before function exit.
Therefore, the immediate step is to apply the relevant kernel update or patch provided by your Linux distribution.