Bug 2468123 (CVE-2026-43312)

Summary:	CVE-2026-43312 kernel: media: i2c: ov5647: Initialize subdev before controls
Product:	[Other] Security Response	Reporter:	OSIDB Bzimport <bzimport>
Component:	vulnerability	Assignee:	Product Security DevOps Team <prodsec-dev>
Status:	NEW ---	QA Contact:
Severity:	unspecified	Docs Contact:
Priority:	unspecified
Version:	unspecified	CC:	rhel-process-autobot, watson-tool-maintainers
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	---
Doc Text:	A flaw was found in the Linux kernel's ov5647 driver. An issue in the initialization order of the subdevice, where `v4l2_get_subdevdata` is called before the subdevice is properly initialized, can lead to a segmentation fault. This can result in a system crash, causing a Denial of Service (DoS).	Story Points:	---
Clone Of:		Environment:
Last Closed:		Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-05-08 14:05:38 UTC

In the Linux kernel, the following vulnerability has been resolved:

media: i2c: ov5647: Initialize subdev before controls

In ov5647_init_controls() we call v4l2_get_subdevdata, but it is
initialized by v4l2_i2c_subdev_init() in the probe, which currently
happens after init_controls(). This can result in a segfault if the
error condition is hit, and we try to access i2c_client, so fix the
order.

Comment 1 Keith Grant 2026-05-08 18:58:45 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026050800-CVE-2026-43312-b723@gregkh/T