Linux Kernel Runtime Reference Count Leak Vulnerability in OV5647 I2C Driver

Vulnerability

A runtime reference count leak vulnerability has been identified in the Linux kernel's OV5647 I2C driver. The driver mishandles three control cases (AUTOGAIN, EXPOSURE_AUTO, and ANALOGUE_GAIN): each returns its value directly without first calling pm_runtime_put(), which leaks a runtime power management reference. The vulnerability affects the stable versions of the Linux kernel.
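The leak pattern described above, as an added example: a userspace C model written for this page, not the OV5647 driver's source. The handler names, control enum and counter are constructed stand-ins, and the reference taken on entry is an assumption, since the page names only the missing pm_runtime_put().

```c
#include <stdio.h>  /* constructed userspace model; every name below is hypothetical */
enum ctrl_id { CTRL_AUTOGAIN, CTRL_EXPOSURE_AUTO, CTRL_ANALOGUE_GAIN, CTRL_OTHER, CTRL_COUNT };
struct model_dev { int usage_count; };  /* stands in for the runtime PM usage counter */
static void model_pm_get(struct model_dev *d) { d->usage_count++; }
static void model_pm_put(struct model_dev *d) { d->usage_count--; }
static int model_write(enum ctrl_id id, int val) { (void)id; (void)val; return 0; }
/* Leaky shape: three cases return directly, so the put below is never reached. */
static int s_ctrl_leaky(struct model_dev *d, enum ctrl_id id, int val)
{
    int ret;
    model_pm_get(d);
    switch (id) {
    case CTRL_AUTOGAIN:      return model_write(id, val);
    case CTRL_EXPOSURE_AUTO: return model_write(id, val);
    case CTRL_ANALOGUE_GAIN: return model_write(id, val);
    default:                 ret = model_write(id, val); break;
    }
    model_pm_put(d);
    return ret;
}

/* Balanced shape: every case stores its result and reaches the single put. */
static int s_ctrl_balanced(struct model_dev *d, enum ctrl_id id, int val)
{
    int ret;
    model_pm_get(d);
    switch (id) {
    case CTRL_AUTOGAIN:      ret = model_write(id, val); break;
    case CTRL_EXPOSURE_AUTO: ret = model_write(id, val); break;
    case CTRL_ANALOGUE_GAIN: ret = model_write(id, val); break;
    default:                 ret = model_write(id, val); break;
    }
    model_pm_put(d);
    return ret;
}

static int leaked_refs(int (*handler)(struct model_dev *, enum ctrl_id, int), int rounds)
{
    struct model_dev d = { 0 };
    for (int i = 0; i < rounds * CTRL_COUNT; i++)   /* each control is set `rounds` times */
        handler(&d, (enum ctrl_id)(i % CTRL_COUNT), i);
    return d.usage_count;   /* 0 only when every get was matched by a put */
}

int main(void)
{
    printf("leaky=%d balanced=%d\n", leaked_refs(s_ctrl_leaky, 100), leaked_refs(s_ctrl_balanced, 100));
    return 0;
}
```

A counter that never returns to zero is what keeps a device from runtime-suspending, which is the power-state effect described under Impact.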

Impact

The vulnerability causes a runtime power management reference count leak, which can lead to improper management of power states and potentially cause performance issues or increased power consumption.

Remediation

Users can apply the latest patch available in the Linux kernel stable tree to address this vulnerability. The patch can be downloaded from the Linux kernel Git repository.

Added: May 28, 2026, 10:29 AM
Updated: May 28, 2026, 10:29 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.0
remediation: 7.7
relevance: 9.7
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.