VYPR
Medium severity 5.5 · NVD Advisory · Published May 8, 2026 · Updated May 15, 2026

CVE-2026-43312

Description

In the Linux kernel, the following vulnerability has been resolved:

media: i2c: ov5647: Initialize subdev before controls

In ov5647_init_controls() we call v4l2_get_subdevdata, but it is initialized by v4l2_i2c_subdev_init() in the probe, which currently happens after init_controls(). This can result in a segfault if the error condition is hit, and we try to access i2c_client, so fix the order.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A use-after-free or segfault in the Linux kernel's ov5647 camera driver due to accessing uninitialized subdev data during error handling.

Vulnerability Overview

The Linux kernel's ov5647 camera sensor driver (media/i2c/ov5647) contains an initialization ordering flaw. ov5647_init_controls() calls v4l2_get_subdevdata() before v4l2_i2c_subdev_init() has been executed in the probe path. Because v4l2_get_subdevdata() returns a pointer that is only set by v4l2_i2c_subdev_init(), accessing it prematurely dereferences a null or uninitialized pointer, causing a segmentation fault if an error condition is hit [1].

Exploitation and Impact

An attacker would need the ability to trigger the error path in the ov5647_init_controls() function, typically by causing a memory allocation failure, an invalid control initialization, or another error. The vulnerability does not require special privileges beyond the ability to cause the driver to probe (e.g., by attaching a malicious I2C device or exploiting a system with this sensor hardware). On systems using this driver, a local attacker or crafted device could cause a kernel crash (denial of service), potentially leading to system unavailability [1].

Mitigation Status

The fix is committed to the Linux kernel stable tree in commit 8ecb21c20387cc0c8aa00489a21ccc69f6b0f5d1 [1]. It reorders the probe sequence so that v4l2_i2c_subdev_init() is called before ov5647_init_controls(). Users should apply the kernel patch or update to a kernel version containing the backport.
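
The ordering problem and its fix can be seen in a small user-space model, added here as an illustration and not taken from the kernel source or the patch. Every `model_*` name is a hypothetical stand-in, and the NULL check marks the point where the driver's error path would dereference the missing client.

```c
#include <stdio.h>
/* User-space model only: every model_* name is a hypothetical stand-in. */
struct model_client { const char *name; };
struct model_subdev { void *dev_priv; };  /* slot v4l2_get_subdevdata() reads */
struct model_sensor { struct model_subdev sd; int ctrl_error; };
enum { MODEL_OK = 0, MODEL_ERR_REPORTED = -1, MODEL_NULL_CLIENT = -2 };

/* Stand-in for v4l2_i2c_subdev_init(): records the client in the subdev. */
static void model_subdev_init(struct model_subdev *sd, struct model_client *c)
{
    sd->dev_priv = c;
}

/* Stand-in for ov5647_init_controls(): only the error path uses the client. */
static int model_init_controls(struct model_sensor *s)
{
    struct model_client *client = s->sd.dev_priv;
    if (!s->ctrl_error)
        return MODEL_OK;
    if (!client)                 /* the kernel code would dereference here */
        return MODEL_NULL_CLIENT;
    fprintf(stderr, "%s: control init failed\n", client->name);
    return MODEL_ERR_REPORTED;
}

/* Ordering before the fix: controls first, subdev data set afterwards. */
int model_probe_before_fix(struct model_client *c, int ctrl_error)
{
    struct model_sensor s = { { NULL }, ctrl_error };
    int ret = model_init_controls(&s);
    if (!ret)
        model_subdev_init(&s.sd, c);
    return ret;
}

/* Ordering after the fix: subdev data set before controls are created. */
int model_probe_after_fix(struct model_client *c, int ctrl_error)
{
    struct model_sensor s = { { NULL }, ctrl_error };
    model_subdev_init(&s.sd, c);
    return model_init_controls(&s);
}

int main(void)
{
    struct model_client c = { "ov5647" };  /* constructed sample client */
    printf("%d %d\n", model_probe_before_fix(&c, 1), model_probe_after_fix(&c, 1));
    return 0;
}
```

Both orderings succeed when control setup succeeds, which is why the defect only shows up once the error path runs.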

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.


References

7
