Skip to main content

Linux Kernel CVE-2026-43312

| EUVDEUVD-2026-28582 MEDIUM
2026-05-08 Linux GHSA-p2r3-p9wp-qrx6
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
SUSE
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 15, 2026 - 17:37 vuln.today
CVSS changed
May 15, 2026 - 17:37 NVD
5.5 (MEDIUM)
Patch available
May 08, 2026 - 14:33 EUVD
CVE Published
May 08, 2026 - 13:11 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

media: i2c: ov5647: Initialize subdev before controls

In ov5647_init_controls() we call v4l2_get_subdevdata, but it is initialized by v4l2_i2c_subdev_init() in the probe, which currently happens after init_controls(). This can result in a segfault if the error condition is hit, and we try to access i2c_client, so fix the order.

AnalysisAI

A use-after-free in the OmniVision OV5647 camera sensor driver (media: i2c: ov5647) can trigger a kernel crash. The ov5647_init_controls() function dereferences an uninitialized subdev pointer via v4l2_get_subdevdata() when error conditions occur during probe. This affects Linux kernel versions from 5.12 through multiple stable branches including 5.15.x, 6.1.x, 6.6.x, 6.12.x, 6.18.x, and 6.19.x prior to patches. Vendor patches available across all affected stable trees. EPSS exploitation probability is very low (0.02%, 7th percentile) with no public exploit identified at time of analysis.

Technical ContextAI

The vulnerability exists in the Video4Linux2 (V4L2) subsystem's OmniVision OV5647 image sensor driver (drivers/media/i2c/ov5647.c). The driver implements I2C communication with camera hardware commonly used in embedded systems like Raspberry Pi Camera Module v1. During device probe, the code calls ov5647_init_controls() before v4l2_i2c_subdev_init() initializes the subdev structure. When ov5647_init_controls() invokes v4l2_get_subdevdata() to retrieve the I2C client pointer, it dereferences uninitialized memory. If control initialization encounters an error and attempts cleanup, accessing the null or garbage i2c_client pointer causes a kernel NULL pointer dereference or segmentation fault. This is a classic initialization-order bug where dependent data structures are accessed before setup completes. The CPE strings confirm this affects the mainline Linux kernel and multiple stable branches. While no CWE is assigned, this represents improper initialization (similar to CWE-665) combined with null pointer dereference (CWE-476).

RemediationAI

Apply vendor-released patches from the Linux stable kernel trees: upgrade to Linux 5.15.202+, 6.1.165+, 6.6.128+, 6.12.75+, 6.18.16+, 6.19.6+, or 7.0+ depending on your kernel series. Patches available at git.kernel.org commit IDs cabd025182cfed4a19b3aab57493e312d681e398 (mainline), 8ecb21c20387cc0c8aa00489a21ccc69f6b0f5d1, 2dedda97a64e7735844609c6c77c0dd953d73833, eee13cbccacb6d0a3120c126b8544030905b069d, fb69e4842f5b463ff5f121d2ac7746014e3477ea, 59e372aa4cf60e2500eba7f978acdcb18bb49032, and f2a1998bc0053ebfe137f65081ed13afd9f34502 for respective stable trees. If immediate patching is not feasible, temporary mitigation involves blacklisting the ov5647 kernel module (add 'blacklist ov5647' to /etc/modprobe.d/blacklist.conf and rebuild initramfs) to prevent the driver from loading. This workaround eliminates functionality for OV5647 camera hardware. Side effect: camera devices using this sensor will be non-functional until the driver is re-enabled post-patch. This mitigation is only viable for systems where OV5647 camera functionality is non-critical. No network-level compensating controls are applicable since the vulnerability requires local authenticated access.

Vendor StatusVendor

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-43312 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy