Description
In the Linux kernel, the following vulnerability has been resolved:

clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registered as the sched_clock.

On SP804, the delay timer shares the same clkevt instance with
sched_clock. On some platforms, when
sp804_clocksource_and_sched_clock_init is called with use_sched_clock
not set to 1, sched_clkevt is not properly initialized. However,
sp804_register_delay_timer is invoked unconditionally, and
read_current_timer() subsequently calls sp804_read on an uninitialized
sched_clkevt, leading to a kernel Oops when accessing
sched_clkevt->value.

Declare a dedicated clkevt instance exclusively for delay timer,
instead of sharing the same clkevt with sched_clock. This ensures
that read_current_timer continues to work correctly regardless of
whether SP804 is selected as the sched_clock.
Published: 2026-06-03
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability causes an uninitialized clkevt instance to be used during a read_current_timer call on ARM32 platforms where the SP804 timer is not configured as the sched_clock. The read attempts to access a NULL pointer, producing a kernel Oops that brings the system down. The impact is a loss of availability, as the crash can force a reboot or lock the machine until a restart. No information indicates that an attacker can gain code execution or compromise confidentiality or integrity.

Affected Systems

The issue affects Linux kernel releases on ARM32 devices that use the SP804 timer when the SP804 is not registered as the kernel's sched_clock. The specific affected kernel versions are not listed in the CVE data, but the problem is present in any build that contains the sp804 driver before the patch from commit 693b0b594b0f278bafa784984129c0c0f988e352. Devices that rely on the SP804 for the delay timer and have a device tree entry that does not set use_sched_clock to 1 are most at risk.

Risk and Exploitability

The CVSS score of 5.5 indicates moderate severity, and the EPSS score is less than 1%, suggesting a low probability of exploitation. The vulnerability leads to an Oops, which is a local, kernel‑level impact. It is not recorded in CISA's KEV catalog. An attacker with local, privileged access could trigger the crash by invoking a function that calls read_current_timer while the SP804 timer is uninitialized. Without such local privileges, the vulnerability remains unlikely to be exploitable. The risk is primarily a denial of service under these conditions.

Generated by OpenCVE AI on June 9, 2026 at 22:29 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes commit 693b0b594b0f278bafa784984129c0c0f988e352 or newer, which separates the delay timer clkevt from the sched_clock clkevt.
  • Rebuild and install the patched kernel on all affected ARM32 devices, ensuring that the updated kernel is active before a reboot.
  • Verify that the device tree configuration for SP804 sets use_sched_clock appropriately (or that the driver is patched) to prevent the uninitialized clkevt from being used.



Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-908
Metrics | | cvssV3_1 {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Thu, 04 Jun 2026 00:15:00 +0000


Wed, 03 Jun 2026 19:00:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-665

Wed, 03 Jun 2026 17:45:00 +0000

Type | Values Removed | Values Added
Description | | In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registered as the sched_clock. On SP804, the delay timer shares the same clkevt instance with sched_clock. On some platforms, when sp804_clocksource_and_sched_clock_init is called with use_sched_clock not set to 1, sched_clkevt is not properly initialized. However, sp804_register_delay_timer is invoked unconditionally, and read_current_timer() subsequently calls sp804_read on an uninitialized sched_clkevt, leading to a kernel Oops when accessing sched_clkevt->value. Declare a dedicated clkevt instance exclusively for delay timer, instead of sharing the same clkevt with sched_clock. This ensures that read_current_timer continues to work correctly regardless of whether SP804 is selected as the sched_clock.
Title | | clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registered as the sched_clock.
First Time appeared | | Linux; Linux linux Kernel
CPEs | | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products | | Linux; Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-03T15:49:54.286Z

Reserved: 2026-05-13T15:03:33.108Z

Link: CVE-2026-46257

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2026-06-03T18:16:26.733

Modified: 2026-06-09T20:10:20.093

Link: CVE-2026-46257

Red Hat

Severity :

Public Date: 2026-06-03T00:00:00Z

Links: CVE-2026-46257 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-09T22:30:14Z

Weaknesses
  • CWE-665: Improper Initialization
  • CWE-824: Access of Uninitialized Pointer
  • CWE-908: Use of Uninitialized Resource