CVE-2026-43355
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile - higher than 2% of all known CVEs
Summary
A vulnerability was found in the Linux kernel's bh1780 light sensor driver, causing a PM runtime reference count leak on the error path. The issue occurs because pm_runtime_put_autosuspend() is not called when a read operation fails, leading to improper power management state.
Risk Assessment
The PM runtime reference leak can lead to improper device power management, potentially causing increased power consumption or preventing the device from entering power-saving modes. Over time, this may affect system stability and reduce battery life in portable devices.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit addressing the issue). Monitor official security advisories from your Linux distribution for the appropriate patch.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1780: fix PM runtime leak on error path Move pm_runtime_put_autosuspend() before the error check to ensure the PM runtime reference count is always decremented after pm_runtime_get_sync(), regardless of whether the read operation succeeds or fails.

