Description
In the Linux kernel, the following vulnerability has been resolved:

clk: mediatek: Drop __initconst from gates

Since commit 8ceff24a754a ("clk: mediatek: clk-gate: Refactor
mtk_clk_register_gate to use mtk_gate struct") the mtk_gate structs
are no longer just used for initialization/registration, but also at
runtime. So drop __initconst annotations.
Published: 2026-05-27
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from the improper marking of MediaTek clock gate data structures with the __initconst annotation, meaning that the memory is slated for deallocation after kernel initialization while the structures are later accessed at runtime. This mismatch can lead to a use‑after‑free condition, which, if exploited, may corrupt kernel memory or cause a crash. The fix removes the annotation to keep the memory alive. The description does not explicitly state the impact, but it is inferred that such a use‑after‑free could result in kernel instability.

Affected Systems

All Linux kernel builds that include the MediaTek clk driver and are built from source that predates the commit removing the __initconst annotation are vulnerable. Systems that use a kernel containing the updated driver or do not load the MediaTek clock driver at runtime are not affected. Version details are not specified in the advisory.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity, while the EPSS score of less than 1 % suggests a very low probability of exploitation. The vulnerability is not listed in CISA's KEV catalog. Exploitation would likely require local access to the device or privileged operations that can trigger the unsafe usage of the clock gate data. Overall, the risk is moderate, mainly due to the need for kernel modifications or local access to trigger the fault.

Generated by OpenCVE AI on May 30, 2026 at 13:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a release that contains the commit removing the __initconst annotation from MediaTek clock gates.
  • If a newer kernel cannot be deployed, backport the commit that deletes the __initconst annotation into the current kernel source, rebuild the kernel, and reboot.
  • As a temporary safety measure, disable the MediaTek clock driver in the kernel configuration (CONFIG_CLK_MEDIATEK=n) to prevent the vulnerable driver from loading.
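To confirm that an upgraded or backported tree no longer carries the annotation, the check below scans C sources for mtk_gate arrays still marked __initconst. It is an added example, not code from the kernel or from OpenCVE; the declaration shape it matches and the sample source are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Assumed declaration shape: "struct mtk_gate name[...] __initconst = {".
GATE_DECL = re.compile(r"\bstruct\s+mtk_gate\s+(\w+)\s*\[[^\]]*\]\s*__initconst\b")
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)

def _blank(m):
    # Replace a comment with spaces, keeping newlines so line numbers stay right.
    return re.sub(r"[^\n]", " ", m.group(0))

def find_initconst_gates(source):
    """Return (line, array_name) for each mtk_gate array still marked __initconst."""
    code = COMMENT.sub(_blank, source)
    return [(code.count("\n", 0, m.start()) + 1, m.group(1))
            for m in GATE_DECL.finditer(code)]

def scan_tree(root):
    """Scan every .c file under root; return {path: [(line, name), ...]}."""
    hits = {}
    for path in sorted(Path(root).rglob("*.c")):
        found = find_initconst_gates(path.read_text(errors="replace"))
        if found:
            hits[str(path)] = found
    return hits

# Constructed sample, not taken from the kernel tree.
SAMPLE = """\
/* static const struct mtk_gate old_clks[] __initconst = { */
static const struct mtk_gate demo_top_clks[]
\t__initconst = {
\tGATE_DEMO(1, "a"),
};
static const struct mtk_gate demo_fixed_clks[] = {
\tGATE_DEMO(2, "b"),
};
static const struct mtk_fixed_clk demo_rates[] __initconst = { };
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = scan_tree(sys.argv[1])
    else:
        results = {"<sample>": find_initconst_gates(SAMPLE)}
    for path, found in results.items():
        for line, name in found:
            print(f"{path}:{line}: {name} is still __initconst")
    sys.exit(1 if any(results.values()) else 0)
```

Run it with the directory holding the MediaTek clock driver sources as the only argument; a non-zero exit status means at least one gate array is still annotated.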


Advisories

No advisories yet.

History

Sat, 30 May 2026 11:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Fri, 29 May 2026 06:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Fri, 29 May 2026 00:15:00 +0000


Wed, 27 May 2026 18:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop __initconst from gates Since commit 8ceff24a754a ("clk: mediatek: clk-gate: Refactor mtk_clk_register_gate to use mtk_gate struct") the mtk_gate structs are no longer just used for initialization/registration, but also at runtime. So drop __initconst annotations.
Title clk: mediatek: Drop __initconst from gates
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-30T10:45:51.749Z

Reserved: 2026-05-13T15:03:33.084Z

Link: CVE-2026-45909

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:17:05.453

Modified: 2026-05-30T11:17:15.470

Link: CVE-2026-45909

Redhat

Severity :

Public Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45909 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-30T13:45:24Z

Weaknesses
  • CWE-824

    Access of Uninitialized Pointer