CVE-2026-43312 - Vulnerability Details

- media: i2c: ov5647: Initialize subdev before controls

Description

In the Linux kernel, the following vulnerability has been resolved:

media: i2c: ov5647: Initialize subdev before controls

In ov5647_init_controls() we call v4l2_get_subdevdata, but it is
initialized by v4l2_i2c_subdev_init() in the probe, which currently
happens after init_controls(). This can result in a segfault if the
error condition is hit, and we try to access i2c_client, so fix the
order.

Published: 2026-05-08

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

In the Linux kernel, the ov5647 camera driver incorrectly calls a function to retrieve device data before the device data structure has been initialized, leading to a segmentation fault when an error condition occurs. This results in a kernel crash, causing a complete system denial of service without providing any remote attack surface. The weakness is a classic improper initialization problem that allows the system to dereference an uninitialized pointer.

Affected Systems

The vulnerability affects the Linux kernel in all distributions where the ov5647 driver is compiled. No specific kernel versions are listed, so all current kernels that include the driver are potentially impacted until a patched version is available.

Risk and Exploitability

The CVSS score is not provided, and the EPSS score is unavailable, but the absence of a known exploit in the CISA KEV database suggests the risk is moderate. Exploitation would require local or physical access to the machine hosting the ov5647 camera module to trigger the probe, and the attack vector is inferred to be local. Given the potential for a kernel crash, the vulnerability should be treated with high priority.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`4974c2f19fd810ec9a4e534bfc69e176256b7a03`	affected	< f2a1998bc0053ebfe137f65081ed13afd9f34502
`4974c2f19fd810ec9a4e534bfc69e176256b7a03`	affected	< 59e372aa4cf60e2500eba7f978acdcb18bb49032
`4974c2f19fd810ec9a4e534bfc69e176256b7a03`	affected	< cabd025182cfed4a19b3aab57493e312d681e398
`4974c2f19fd810ec9a4e534bfc69e176256b7a03`	affected	< 2dedda97a64e7735844609c6c77c0dd953d73833
`4974c2f19fd810ec9a4e534bfc69e176256b7a03`	affected	< 8ecb21c20387cc0c8aa00489a21ccc69f6b0f5d1
`4974c2f19fd810ec9a4e534bfc69e176256b7a03`	affected	< fb69e4842f5b463ff5f121d2ac7746014e3477ea
`4974c2f19fd810ec9a4e534bfc69e176256b7a03`	affected	< eee13cbccacb6d0a3120c126b8544030905b069d

Linux

affected

Version	Status	Constraints
`5.12`	affected	—
`0`	unaffected	< 5.12
`5.15.202`	unaffected	≤ 5.15.*
`6.1.165`	unaffected	≤ 6.1.*
`6.6.128`	unaffected	≤ 6.6.*
`6.12.75`	unaffected	≤ 6.12.*
`6.18.16`	unaffected	≤ 6.18.*
`6.19.6`	unaffected	≤ 6.19.*
`7.0`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[4974c2f19fd810ec9a4e534bfc69e176256b7a03,f2a1998bc0053ebfe137f65081ed13afd9f34502)`	affected	code_commit	—
`[4974c2f19fd810ec9a4e534bfc69e176256b7a03,59e372aa4cf60e2500eba7f978acdcb18bb49032)`	affected	code_commit	—
`[4974c2f19fd810ec9a4e534bfc69e176256b7a03,cabd025182cfed4a19b3aab57493e312d681e398)`	affected	code_commit	—
`[4974c2f19fd810ec9a4e534bfc69e176256b7a03,2dedda97a64e7735844609c6c77c0dd953d73833)`	affected	code_commit	—
`[4974c2f19fd810ec9a4e534bfc69e176256b7a03,8ecb21c20387cc0c8aa00489a21ccc69f6b0f5d1)`	affected	code_commit	—
`[4974c2f19fd810ec9a4e534bfc69e176256b7a03,fb69e4842f5b463ff5f121d2ac7746014e3477ea)`	affected	code_commit	—
`[4974c2f19fd810ec9a4e534bfc69e176256b7a03,eee13cbccacb6d0a3120c126b8544030905b069d)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.12`	affected	generic	—
`[0,5.12)`	unaffected	generic	—
`[5.15.202,5.16.0)`	unaffected	semver	—
`[6.1.165,6.2.0)`	unaffected	semver	—
`[6.6.128,6.7.0)`	unaffected	semver	—
`[6.12.75,6.13.0)`	unaffected	semver	—
`[6.18.16,6.19.0)`	unaffected	semver	—
`[6.19.6,6.20.0)`	unaffected	semver	—
`[7.0,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Apply the latest stable Linux kernel that incorporates the patch to the ov5647 driver.
If a kernel update is not immediately possible, temporarily disable or unplug the ov5647 camera module to prevent the driver from loading until it can be patched.
After applying the update, restart any applications or services that depend on the camera driver so they reinitialize correctly.

Generated by OpenCVE AI on May 8, 2026 at 15:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2dedda97a64e7735844609c6c77c0dd953d73833
https://git.kernel.org/stable/c/59e372aa4cf60e2500eba7f978acdcb18bb49032
https://git.kernel.org/stable/c/8ecb21c20387cc0c8aa00489a21ccc69f6b0f5d1
https://git.kernel.org/stable/c/cabd025182cfed4a19b3aab57493e312d681e398
https://git.kernel.org/stable/c/eee13cbccacb6d0a3120c126b8544030905b069d
https://git.kernel.org/stable/c/f2a1998bc0053ebfe137f65081ed13afd9f34502
https://git.kernel.org/stable/c/fb69e4842f5b463ff5f121d2ac7746014e3477ea

History

Fri, 08 May 2026 15:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-457 CWE-665

Fri, 08 May 2026 13:30:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Initialize subdev before controls In ov5647_init_controls() we call v4l2_get_subdevdata, but it is initialized by v4l2_i2c_subdev_init() in the probe, which currently happens after init_controls(). This can result in a segfault if the error condition is hit, and we try to access i2c_client, so fix the order.
Title		media: i2c: ov5647: Initialize subdev before controls
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2dedda97a64e7735844609c6c77c0dd953d73833 https://git.kernel.org/stable/c/59e372aa4cf60e2500eba7f978acdcb18bb49032 https://git.kernel.org/stable/c/8ecb21c20387cc0c8aa00489a21ccc69f6b0f5d1 https://git.kernel.org/stable/c/cabd025182cfed4a19b3aab57493e312d681e398 https://git.kernel.org/stable/c/eee13cbccacb6d0a3120c126b8544030905b069d https://git.kernel.org/stable/c/f2a1998bc0053ebfe137f65081ed13afd9f34502 https://git.kernel.org/stable/c/fb69e4842f5b463ff5f121d2ac7746014e3477ea

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-05-08T13:11:29.719Z

Updated: 2026-05-08T13:11:29.719Z

Reserved: 2026-05-01T14:12:56.001Z

Link: CVE-2026-43312

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T14:16:39.587

Modified: 2026-05-08T14:16:39.587

Link: CVE-2026-43312

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-08T16:15:12Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object