CVE-2026-46293 - Vulnerability Details

- clk: microchip: mpfs-ccc: fix out of bounds access during output registration

Description

In the Linux kernel, the following vulnerability has been resolved:

clk: microchip: mpfs-ccc: fix out of bounds access during output registration

UBSAN reported an out of bounds access during registration of the last
two outputs. This out of bounds access occurs because space is only
allocated in the hws array for two PLLs and the four output dividers
that each has, but the defined IDs contain two DLLS and their two
outputs each, which are not supported by the driver. The ID order is
PLLs -> DLLs -> PLL outputs -> DLL outputs. Decrement the PLL output IDs
by two while adding them to the array to avoid the problem.

Published: 2026-06-08

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

The vulnerability arises from an out‑of‑bounds array access that occurs during the registration of the last two outputs on the Microchip MPFS‑CCC clock controller. The driver incorrectly allocates space only for certain PLL outputs while the identifier list includes additional DLL outputs that are not supported. This mismatch allows a write beyond the allocated bounds, which can corrupt kernel memory and lead to a crash or other unstable behavior. The defect is detected by UBSAN but is not publicly exploitable without further context, and it does not provide direct code execution capability.

Affected Systems

All Linux kernel binaries that compile the microchip MPFS‑CCC clock driver and load the associated hardware controller. The affected code resides in the clk subsystem for Microchip devices; therefore any Linux system that uses this specific clock controller is potentially impacted, regardless of distribution. No specific kernel release range is listed in the CNA data, so all current kernels that include the unpatched code are vulnerable.

Risk and Exploitability

A CVSS score is not provided in the CVE data, and no EPSS value is available, so the numeric risk assessment is unknown. The bug is a classic out‑of‑bounds write (CWE‑125), which can result in denial of service by causing a kernel panic. The exploitability requires the kernel to be running the unpatched driver and the attacker to be able to trigger the registration of the offending output IDs, which may be limited to privileged users or system initialization. The issue is not listed in the CISA KEV catalog, suggesting no known or documented exploits at this time.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`d39fb172760e426e0628f16b785c85e16d17bd5e`	affected	< 9ed9b580a814773482c0a4f1be045636e68cc109
`d39fb172760e426e0628f16b785c85e16d17bd5e`	affected	< 47bc7a03449c39805bc2665d3e57c73195d5bcf8
`d39fb172760e426e0628f16b785c85e16d17bd5e`	affected	< dbfcb09656cb30439577325c9dea2250203c2e3c
`d39fb172760e426e0628f16b785c85e16d17bd5e`	affected	< a0780aeea166a7cf4706c45af4cadbb2a43a1fc9
`d39fb172760e426e0628f16b785c85e16d17bd5e`	affected	< f24efd415455b98a1f1cfc6071fe6fde71986706
`d39fb172760e426e0628f16b785c85e16d17bd5e`	affected	< 2f7ae8ab6aa73daaf080d5332110357c29df9c36

Linux

affected

Version	Status	Constraints
`6.1`	affected	—
`0`	unaffected	< 6.1
`6.1.175`	unaffected	≤ 6.1.*
`6.6.140`	unaffected	≤ 6.6.*
`6.12.88`	unaffected	≤ 6.12.*
`6.18.30`	unaffected	≤ 6.18.*
`7.0.7`	unaffected	≤ 7.0.*
`7.1-rc1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[d39fb172760e426e0628f16b785c85e16d17bd5e,9ed9b580a814773482c0a4f1be045636e68cc109)`	affected	code_commit	—
`[d39fb172760e426e0628f16b785c85e16d17bd5e,47bc7a03449c39805bc2665d3e57c73195d5bcf8)`	affected	code_commit	—
`[d39fb172760e426e0628f16b785c85e16d17bd5e,dbfcb09656cb30439577325c9dea2250203c2e3c)`	affected	code_commit	—
`[d39fb172760e426e0628f16b785c85e16d17bd5e,a0780aeea166a7cf4706c45af4cadbb2a43a1fc9)`	affected	code_commit	—
`[d39fb172760e426e0628f16b785c85e16d17bd5e,f24efd415455b98a1f1cfc6071fe6fde71986706)`	affected	code_commit	—
`[d39fb172760e426e0628f16b785c85e16d17bd5e,2f7ae8ab6aa73daaf080d5332110357c29df9c36)`	affected	code_commit	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`6.1`	affected	generic	—
`[0,6.1)`	unaffected	generic	—
`[6.1.175,6.2.0)`	unaffected	generic	—
`[6.6.140,6.7.0)`	unaffected	generic	—
`[6.12.88,6.13.0)`	unaffected	generic	—
`[6.18.30,6.19.0)`	unaffected	generic	—
`[7.0.7,7.1.0)`	unaffected	generic	—
`[7.1-rc1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the Linux kernel to a version that includes the fix for the MPFS‑CCC clock driver
If an immediate kernel update is not possible, manually apply the patch changes to the driver source files and rebuild the kernel
If the kernel cannot be updated or patched, disable the MPFS‑CCC clock driver or prevent user space from loading modules that reference it
Consider configuring the system to restrict kernel module loading to privileged users to mitigate accidental exploitation

Generated by OpenCVE AI on June 8, 2026 at 18:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2f7ae8ab6aa73daaf080d5332110357c29df9c36
https://git.kernel.org/stable/c/47bc7a03449c39805bc2665d3e57c73195d5bcf8
https://git.kernel.org/stable/c/9ed9b580a814773482c0a4f1be045636e68cc109
https://git.kernel.org/stable/c/a0780aeea166a7cf4706c45af4cadbb2a43a1fc9
https://git.kernel.org/stable/c/dbfcb09656cb30439577325c9dea2250203c2e3c
https://git.kernel.org/stable/c/f24efd415455b98a1f1cfc6071fe6fde71986706

History

Mon, 08 Jun 2026 19:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125

Mon, 08 Jun 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: clk: microchip: mpfs-ccc: fix out of bounds access during output registration UBSAN reported an out of bounds access during registration of the last two outputs. This out of bounds access occurs because space is only allocated in the hws array for two PLLs and the four output dividers that each has, but the defined IDs contain two DLLS and their two outputs each, which are not supported by the driver. The ID order is PLLs -> DLLs -> PLL outputs -> DLL outputs. Decrement the PLL output IDs by two while adding them to the array to avoid the problem.
Title		clk: microchip: mpfs-ccc: fix out of bounds access during output registration
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2f7ae8ab6aa73daaf080d5332110357c29df9c36 https://git.kernel.org/stable/c/47bc7a03449c39805bc2665d3e57c73195d5bcf8 https://git.kernel.org/stable/c/9ed9b580a814773482c0a4f1be045636e68cc109 https://git.kernel.org/stable/c/a0780aeea166a7cf4706c45af4cadbb2a43a1fc9 https://git.kernel.org/stable/c/dbfcb09656cb30439577325c9dea2250203c2e3c https://git.kernel.org/stable/c/f24efd415455b98a1f1cfc6071fe6fde71986706

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-08T15:46:20.288Z

Updated: 2026-06-08T15:46:20.288Z

Reserved: 2026-05-13T15:03:33.110Z

Link: CVE-2026-46293

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-08T17:16:47.630

Modified: 2026-06-08T17:16:47.630

Link: CVE-2026-46293

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T19:00:12Z

Weaknesses

CWE-125

Impact

Affected Systems

Risk and Exploitability

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object