Denial of Service Vulnerability in Linux Kernel SP804 Timer
CVE-2026-46257
What is CVE-2026-46257?
A vulnerability in the Linux kernel related to the SP804 timer can lead to a Denial of Service condition. On ARM32 platforms where the SP804 is not registered as the sched_clock, calling read_current_timer can cause a kernel Oops. The issue arises because the delay timer shares the same clkevt instance with sched_clock, so sched_clkevt is not properly initialized on those platforms, which ultimately results in access violations. To mitigate this, it is advised to declare a distinct clkevt instance for the delay timer, ensuring reliable operation of read_current_timer across different platform configurations.
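The failure mode described above, reduced to a userspace C model. This is an added example, not code from the kernel or from this advisory. All identifiers and the register value are hypothetical, and the NULL check in the "before" reader stands in for the point where the kernel would Oops.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace model only. Every name here is hypothetical, not kernel code. */
struct clkevt { volatile uint32_t *value; };    /* address of the counter register */
static uint32_t fake_counter = 0xFFFFFF00u;     /* constructed down-counter value */
static struct clkevt sched_storage;
static struct clkevt *shared_clkevt;            /* before: set only by sched_clock init */
static struct clkevt delay_clkevt;              /* after: owned by the delay timer */

/* Models probing the timer; sched_clock registration depends on the platform. */
static void probe(bool register_sched_clock)
{
    shared_clkevt = NULL;
    delay_clkevt.value = NULL;
    if (register_sched_clock) {
        sched_storage.value = &fake_counter;
        shared_clkevt = &sched_storage;
    }
    delay_clkevt.value = &fake_counter;         /* fix: delay timer sets up its own instance */
}

/* Before: the delay timer reads through the shared pointer. Returning false
 * marks the spot where an unchecked dereference would fault. */
static bool read_timer_shared(uint32_t *out)
{
    if (shared_clkevt == NULL)
        return false;
    *out = ~*shared_clkevt->value;              /* down-counter, so invert */
    return true;
}

/* After: the delay timer reads its own instance, set at its registration. */
static bool read_timer_distinct(uint32_t *out)
{
    if (delay_clkevt.value == NULL)
        return false;
    *out = ~*delay_clkevt.value;
    return true;
}

int main(void)
{
    uint32_t v = 0;
    probe(false);                               /* platform without SP804 sched_clock */
    bool shared_ok = read_timer_shared(&v);
    bool distinct_ok = read_timer_distinct(&v);
    printf("shared ok=%d, distinct ok=%d, value=0x%x\n", shared_ok, distinct_ok, (unsigned)v);
    return 0;
}
```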
Affected Version(s)
Linux 640594a04f119338019b0aeed70c7301216595b3 < 693b0b594b0f278bafa784984129c0c0f988e352
Linux 640594a04f119338019b0aeed70c7301216595b3 < 694921a93f3e3621e067afc545cedf6fe3b234a9
Linux 6.19