CVE-2026-46239 Linux CVE debrief

Who should care

Organizations deploying Linux-based embedded systems with OV5647 camera sensors; IoT device manufacturers; kernel maintainers for distributions supporting ARM/embedded platforms; security teams tracking kernel driver quality issues

Technical summary

The OV5647 is an OmniVision 5-megapixel CMOS image sensor commonly used in embedded systems including Raspberry Pi cameras. The driver implements V4L2 subdevice controls through ov5647_s_ctrl(). When handling V4L2_CID_AUTOGAIN, V4L2_CID_EXPOSURE_AUTO, or V4L2_CID_ANALOGUE_GAIN controls, the original code performed immediate returns after pm_runtime_get_sync(), skipping the mandatory pm_runtime_put() call at function exit. The corrected implementation assigns return values to 'ret' and breaks to common cleanup code, ensuring balanced runtime PM reference counting. This defect could prevent the sensor from reaching low-power states or cause pm_runtime_get_sync() to hang on subsequent calls when the reference count saturates.

Defensive priority

medium

Recommended defensive actions

• Apply kernel patches from stable branches when available; commits 6b03ecf75bda and f11ae9c04f836 contain the fix
• Monitor NVD for CVSS scoring once analysis completes
• Verify OV5647 driver usage in deployed systems via 'lsmod | grep ov5647' or device tree inspection
• Review custom V4L2 control implementations for similar pm_runtime_get/put imbalance patterns
• Enable CONFIG_DEBUG_FS and inspect /sys/kernel/debug/pm_runtime for abnormal reference counts on ov5647 devices if runtime PM issues suspected

Evidence notes

Vulnerability confirmed by kernel commit messages describing the refcount leak pattern and fix implementation. No CVSS score assigned; NVD status 'Awaiting Analysis'. Vendor identification marked low confidence requiring review—'Unknown Vendor' with 'Kernel' domain evidence.

Official resources