In the Linux kernel, the following vulnerability has been resolved:
media: i2c: ov5647: Initialize subdev before controls
In ov5647initcontrols() we call v4l2getsubdevdata, but it is initialized by v4l2i2csubdevinit() in the probe, which currently happens after initcontrols(). This can result in a segfault if the error condition is hit, and we try to access i2c_client, so fix the order.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43312.json",
"cna_assigner": "Linux"
}