Description
In the Linux kernel, the following vulnerability has been resolved:

media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl

Three control cases (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) directly
return without calling pm_runtime_put(), causing runtime PM reference
count leaks.

Change these cases from 'return' to 'ret = ... break' pattern to ensure
pm_runtime_put() is always called before function exit.
Published: 2026-05-28
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel media driver for the ov5647 camera module was modified to fix a runtime PM reference-count leak in three control cases of its s_ctrl handler: AUTOGAIN, EXPOSURE_AUTO, and ANALOGUE_GAIN. Because these cases returned early without calling pm_runtime_put(), repeated use of the controls could inflate the reference count permanently, locking the device in a powered-on state or exhausting kernel resources. The flaw is a classic resource-leak weakness, reflected in NVD-CWE-Other and also associated with CWE-911.
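
The early-return pattern described above, as an added user-space model (not the ov5647 driver's code and not taken from the kernel patch). A plain counter stands in for the runtime PM usage count, and every name in it (`model_pm_get`, `model_pm_put`, `s_ctrl_leaky`, `s_ctrl_fixed`, `leaked_refs`) is hypothetical.

```c
#include <stdio.h>
/* User-space model, not driver code: a counter stands in for the PM usage count. */
enum ctrl_id { CTRL_AUTOGAIN, CTRL_EXPOSURE_AUTO, CTRL_ANALOGUE_GAIN };
static int usage_count;
static void model_pm_get(void) { usage_count++; }
static void model_pm_put(void) { usage_count--; }
static int model_write_reg(int val) { (void)val; return 0; } /* stand-in for a register write */

/* Before: each case returns directly, so the put after the switch is skipped. */
static int s_ctrl_leaky(enum ctrl_id id, int val)
{
    model_pm_get();
    switch (id) {
    case CTRL_AUTOGAIN:
    case CTRL_EXPOSURE_AUTO:
    case CTRL_ANALOGUE_GAIN:
        return model_write_reg(val);    /* reference never dropped */
    }
    model_pm_put();
    return 0;
}

/* After: 'ret = ...; break' sends every case through the single put. */
static int s_ctrl_fixed(enum ctrl_id id, int val)
{
    int ret = 0;
    model_pm_get();
    switch (id) {
    case CTRL_AUTOGAIN:
    case CTRL_EXPOSURE_AUTO:
    case CTRL_ANALOGUE_GAIN:
        ret = model_write_reg(val);
        break;
    }
    model_pm_put();
    return ret;
}

/* Call a handler 'calls' times, cycling the controls; return references left held. */
static int leaked_refs(int (*handler)(enum ctrl_id, int), int calls)
{
    usage_count = 0;
    for (int i = 0; i < calls; i++)
        handler((enum ctrl_id)(i % 3), i);
    return usage_count;
}
int main(void)
{
    printf("leaky=%d fixed=%d\n", leaked_refs(s_ctrl_leaky, 9), leaked_refs(s_ctrl_fixed, 9));
    return 0;
}
```

In the model, every call through the leaky handler leaves one reference held, so the count grows linearly with the number of control writes and never returns to zero.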

Affected Systems

Any system running the Linux kernel with the ov5647 I2C driver prior to the application of the fix is potentially affected. The vendor of the affected component is the Linux Kernel project; no specific kernel release range is given in the advisory, so all kernel versions that incorporated the vulnerable driver code before the patch should be considered at risk.

Risk and Exploitability

The exploitation of this vulnerability is constrained to environments where the flawed driver code can be exercised. It is inferred that an attacker with privileged or local access could trigger the problematic controls repeatedly to accumulate reference counts until the runtime PM subsystem can no longer release the device, effectively causing a denial‑of‑service. The EPSS score of 0.00024 indicates a very low probability of exploitation, and the vulnerability is not listed in CISA’s KEV catalog, but the potential for a local resource exhaustion attack remains.

Generated by OpenCVE AI on June 10, 2026 at 23:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a version that contains the patch which changes the return logic to ensure pm_runtime_put() is always called
  • As a temporary workaround, disable the AUTOGAIN, EXPOSURE_AUTO, and ANALOGUE_GAIN controls in the driver or via user‑space configuration to prevent the reference leak
  • Periodically monitor runtime PM reference counts and device availability during heavy use to detect any abnormal persistence of active references

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-Other
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Sat, 30 May 2026 02:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Sat, 30 May 2026 00:15:00 +0000


Thu, 28 May 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-401

Thu, 28 May 2026 10:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl Three control cases (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) directly return without calling pm_runtime_put(), causing runtime PM reference count leaks. Change these cases from 'return' to 'ret = ... break' pattern to ensure pm_runtime_put() is always called before function exit.
Title media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-14T18:05:01.235Z

Reserved: 2026-05-13T15:03:33.107Z

Link: CVE-2026-46239

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2026-05-28T10:16:39.527

Modified: 2026-06-10T21:06:02.010

Link: CVE-2026-46239

Redhat

Severity :

Public Date: 2026-05-28T00:00:00Z

Links: CVE-2026-46239 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-10T23:15:28Z

Weaknesses