CVE-2026-46293 - Vulnerability Details

- clk: microchip: mpfs-ccc: fix out of bounds access during output registration

Description

In the Linux kernel, the following vulnerability has been resolved:

clk: microchip: mpfs-ccc: fix out of bounds access during output registration

UBSAN reported an out of bounds access during registration of the last
two outputs. This out of bounds access occurs because space is only
allocated in the hws array for two PLLs and the four output dividers
that each has, but the defined IDs contain two DLLS and their two
outputs each, which are not supported by the driver. The ID order is
PLLs -> DLLs -> PLL outputs -> DLL outputs. Decrement the PLL output IDs
by two while adding them to the array to avoid the problem.

Published: 2026-06-08

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

An out‑of‑bounds array access in the Microchip MPFS‑CCC clock driver occurs when the system registers the last two outputs. Because the driver allocates space only for two PLLs and their four divider outputs, but the identifier list includes additional DLL outputs, the write goes past the allocated buffer. This memory corruption can overwrite adjacent kernel data and trigger a crash or instability. The defect is detected by UBSAN but does not provide direct code execution, so the immediate consequence is a denial of service through kernel panic or erratic behavior.

Affected Systems

Any Linux system that compiles the Linux kernel with the microchip MPFS‑CCC clock driver and has the corresponding hardware controller present is affected. This includes all kernel configurations that enable the device—both vendor‑specific builds and open‑source distributions—unless the driver has been removed or the kernel has been updated past the vulnerable revision. No specific release range is listed, so current kernels that retain the unpatched code are at risk.

Risk and Exploitability

The CVSS score is not supplied and the EPSS metric is unavailable, so quantitative risk is unknown. However, the flaw is a classic out‑of‑bounds write (CWE‑131) and can lead to a kernel crash. Exploitation requires the vulnerable driver to be loaded and for an attacker to trigger the problematic output registration, which likely requires privileged or local access during boot or module load time. The vulnerability is not listed in CISA's KEV catalog, indicating no publicly known exploits at this time, but the potential for denial of service remains.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`d39fb172760e426e0628f16b785c85e16d17bd5e`	affected	< 9ed9b580a814773482c0a4f1be045636e68cc109
`d39fb172760e426e0628f16b785c85e16d17bd5e`	affected	< 47bc7a03449c39805bc2665d3e57c73195d5bcf8
`d39fb172760e426e0628f16b785c85e16d17bd5e`	affected	< dbfcb09656cb30439577325c9dea2250203c2e3c
`d39fb172760e426e0628f16b785c85e16d17bd5e`	affected	< a0780aeea166a7cf4706c45af4cadbb2a43a1fc9
`d39fb172760e426e0628f16b785c85e16d17bd5e`	affected	< f24efd415455b98a1f1cfc6071fe6fde71986706
`d39fb172760e426e0628f16b785c85e16d17bd5e`	affected	< 2f7ae8ab6aa73daaf080d5332110357c29df9c36

Linux

affected

Version	Status	Constraints
`6.1`	affected	—
`0`	unaffected	< 6.1
`6.1.175`	unaffected	≤ 6.1.*
`6.6.140`	unaffected	≤ 6.6.*
`6.12.88`	unaffected	≤ 6.12.*
`6.18.30`	unaffected	≤ 6.18.*
`7.0.7`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[d39fb172760e426e0628f16b785c85e16d17bd5e,9ed9b580a814773482c0a4f1be045636e68cc109)`	affected	code_commit	—
`[d39fb172760e426e0628f16b785c85e16d17bd5e,47bc7a03449c39805bc2665d3e57c73195d5bcf8)`	affected	code_commit	—
`[d39fb172760e426e0628f16b785c85e16d17bd5e,dbfcb09656cb30439577325c9dea2250203c2e3c)`	affected	code_commit	—
`[d39fb172760e426e0628f16b785c85e16d17bd5e,a0780aeea166a7cf4706c45af4cadbb2a43a1fc9)`	affected	code_commit	—
`[d39fb172760e426e0628f16b785c85e16d17bd5e,f24efd415455b98a1f1cfc6071fe6fde71986706)`	affected	code_commit	—
`[d39fb172760e426e0628f16b785c85e16d17bd5e,2f7ae8ab6aa73daaf080d5332110357c29df9c36)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.1`	affected	generic	—
`[0,6.1)`	unaffected	generic	—
`[6.1.175,6.2.0)`	unaffected	generic	—
`[6.6.140,6.7.0)`	unaffected	generic	—
`[6.12.88,6.13.0)`	unaffected	generic	—
`[6.18.30,6.19.0)`	unaffected	generic	—
`[7.0.7,7.1.0)`	unaffected	generic	—
`[7.1-rc1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a version that applies the MPFS‑CCC driver fix for the out‑of‑bounds write.
If an update is not immediately possible, disable the MPFS‑CCC clock driver or build the kernel with the driver configuration option removed to prevent the vulnerable code from loading.
Restrict privileged users from loading kernel modules that reference the MPFS‑CCC driver and enforce a module loading policy that seals the system against unintended driver initialization.

Generated by OpenCVE AI on June 9, 2026 at 03:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00173.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2f7ae8ab6aa73daaf080d5332110357c29df9c36
https://git.kernel.org/stable/c/47bc7a03449c39805bc2665d3e57c73195d5bcf8
https://git.kernel.org/stable/c/9ed9b580a814773482c0a4f1be045636e68cc109
https://git.kernel.org/stable/c/a0780aeea166a7cf4706c45af4cadbb2a43a1fc9
https://git.kernel.org/stable/c/dbfcb09656cb30439577325c9dea2250203c2e3c
https://git.kernel.org/stable/c/f24efd415455b98a1f1cfc6071fe6fde71986706
https://lore.kernel.org/linux-cve-announce/2026060857-CVE-2026-46293-b59c@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-46293
https://www.cve.org/CVERecord?id=CVE-2026-46293

History

Tue, 09 Jun 2026 02:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-125

Tue, 09 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-131
References		https://lore.kernel.org/linux-cve-announce/2026060857-CVE-2026-46293-b59c@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-46293 https://www.cve.org/CVERecord?id=CVE-2026-46293

Mon, 08 Jun 2026 19:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125

Mon, 08 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: clk: microchip: mpfs-ccc: fix out of bounds access during output registration UBSAN reported an out of bounds access during registration of the last two outputs. This out of bounds access occurs because space is only allocated in the hws array for two PLLs and the four output dividers that each has, but the defined IDs contain two DLLS and their two outputs each, which are not supported by the driver. The ID order is PLLs -> DLLs -> PLL outputs -> DLL outputs. Decrement the PLL output IDs by two while adding them to the array to avoid the problem.
Title		clk: microchip: mpfs-ccc: fix out of bounds access during output registration
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2f7ae8ab6aa73daaf080d5332110357c29df9c36 https://git.kernel.org/stable/c/47bc7a03449c39805bc2665d3e57c73195d5bcf8 https://git.kernel.org/stable/c/9ed9b580a814773482c0a4f1be045636e68cc109 https://git.kernel.org/stable/c/a0780aeea166a7cf4706c45af4cadbb2a43a1fc9 https://git.kernel.org/stable/c/dbfcb09656cb30439577325c9dea2250203c2e3c https://git.kernel.org/stable/c/f24efd415455b98a1f1cfc6071fe6fde71986706

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-08T15:46:20.288Z

Updated: 2026-06-14T18:07:01.688Z

Reserved: 2026-05-13T15:03:33.110Z

Link: CVE-2026-46293

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-08T17:16:47.630

Modified: 2026-06-08T17:16:47.630

Link: CVE-2026-46293

Redhat

Severity :

Publid Date: 2026-06-08T00:00:00Z

Links: CVE-2026-46293 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-09T03:30:16Z

Weaknesses

CWE-131
Incorrect Calculation of Buffer Size

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object