clk: microchip: mpfs-ccc: fix out of bounds access during output registration
CVE-2026-46293

Currently unrated

Key Information:

Vendor: Linux
Status: Linux
Vendor: CVE Published:; 8 June 2026

What is CVE-2026-46293?

In the Linux kernel, the following vulnerability has been resolved:

clk: microchip: mpfs-ccc: fix out of bounds access during output registration

UBSAN reported an out of bounds access during registration of the last two outputs. This out of bounds access occurs because space is only allocated in the hws array for two PLLs and the four output dividers that each has, but the defined IDs contain two DLLS and their two outputs each, which are not supported by the driver. The ID order is PLLs -> DLLs -> PLL outputs -> DLL outputs. Decrement the PLL output IDs by two while adding them to the array to avoid the problem.

Affected Version(s)

Linux d39fb172760e426e0628f16b785c85e16d17bd5e < 9ed9b580a814773482c0a4f1be045636e68cc109

Linux d39fb172760e426e0628f16b785c85e16d17bd5e < 47bc7a03449c39805bc2665d3e57c73195d5bcf8

Linux d39fb172760e426e0628f16b785c85e16d17bd5e

References

https://git.kernel.org/stable/c/9ed9b580a814773482c0a4f1b...

https://git.kernel.org/stable/c/47bc7a03449c39805bc2665d3...

https://git.kernel.org/stable/c/dbfcb09656cb30439577325c9...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2026
Vulnerability Reserved
May 13, 2026

CVE-2026-46293 Data

JSON