CVE-2026-43355

MEDIUM

iio: light: bh1780: fix PM runtime leak on error path

Title source: cna

Description

In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1780: fix PM runtime leak on error path Move pm_runtime_put_autosuspend() before the error check to ensure the PM runtime reference count is always decremented after pm_runtime_get_sync(), regardless of whether the read operation succeeds or fails.

References (6)

Core 6

Core References

https://git.kernel.org/stable/c/1eb3af4f59e09323788860a9155e9766b12891e5

https://git.kernel.org/stable/c/424bf90e87134effe4bd932608a15286493b11ab

https://git.kernel.org/stable/c/fc77e0a5600e620a2ae51ec78933162fb217b20b

https://git.kernel.org/stable/c/aae572ddc28578af476cce7da3faec0395ef0bf0

https://git.kernel.org/stable/c/33661bfc85c14836bfef4425a74b0ca2df4bb5ad

https://git.kernel.org/stable/c/dd72e6c3cdea05cad24e99710939086f7a113fb5

Scores

CVSS v3 5.5

EPSS 0.0001

EPSS Percentile 2.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (16)

Linux/Linux < 4.7

Linux/Linux 1f0477f18306c018a954e4f333690a9d0f7efc76 - 1eb3af4f59e09323788860a9155e9766b12891e5

Linux/Linux 1f0477f18306c018a954e4f333690a9d0f7efc76 - 33661bfc85c14836bfef4425a74b0ca2df4bb5ad

Linux/Linux 1f0477f18306c018a954e4f333690a9d0f7efc76 - 424bf90e87134effe4bd932608a15286493b11ab

Linux/Linux 1f0477f18306c018a954e4f333690a9d0f7efc76 - aae572ddc28578af476cce7da3faec0395ef0bf0

Linux/Linux 1f0477f18306c018a954e4f333690a9d0f7efc76 - dd72e6c3cdea05cad24e99710939086f7a113fb5

Linux/Linux 1f0477f18306c018a954e4f333690a9d0f7efc76 - fc77e0a5600e620a2ae51ec78933162fb217b20b

Linux/Linux 4.7

Linux/Linux 5.10.253 - 5.10.*

Linux/Linux 6.1.167 - 6.1.*

... and 6 more

Published May 08, 2026

Tracked Since May 08, 2026