Linux Kernel Vulnerability in Media Control for OV5647 Camera Driver
CVE-2026-46239

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 28 May 2026

What is CVE-2026-46239?

A vulnerability in the Linux kernel's media control implementation for the OV5647 camera driver can lead to runtime power management reference count leaks. This occurs due to the improper handling of three control cases, specifically AUTOGAIN, EXPOSURE_AUTO, and ANALOGUE_GAIN, which currently return without executing the necessary pm_runtime_put() function. To address this, the implementation must be updated to use a 'ret = ... break' pattern, ensuring that pm_runtime_put() is always invoked before exiting the function. This correction helps maintain the integrity of runtime power management and prevents unnecessary resource consumption.

Affected Version(s)

Linux 4f66f36388d5668c215f107a4e1ce1a707251ff5 < 6b03ecf75bda5900b8e661eb75656f631b598bc2

Linux 4f66f36388d5668c215f107a4e1ce1a707251ff5

Linux 7.0

References

https://git.kernel.org/stable/c/6b03ecf75bda5900b8e661eb7...

https://git.kernel.org/stable/c/f11ae9c04f8368a3b5a0280ef...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 28, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46239 Data

JSON