PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-46293 Linux CVE debrief

A Linux kernel vulnerability, CVE-2026-46293, was identified in clk: microchip: mpfs-ccc. The issue involves an out of bounds access during output registration. According to the description, UBSAN reported an out of bounds access during registration of the last two outputs. This occurs because space is only allocated in the hws array for two PLLs and the four output dividers that each has, but the defined IDs contain two DLLS and their two outputs each, which are not supported by the driver.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-08
Original CVE updated
2026-06-08
Advisory published
2026-06-08
Advisory updated
2026-06-08

Who should care

Users of the Linux kernel, specifically those utilizing clk: microchip: mpfs-ccc, should be aware of this vulnerability. This issue may impact systems relying on the affected driver.

Technical summary

The vulnerability arises from an out of bounds access during output registration in clk: microchip: mpfs-ccc. The problem is caused by insufficient space allocation in the hws array for the defined IDs, which include unsupported DLLs and their outputs.

Defensive priority

Medium

Recommended defensive actions

  • Apply the provided patches to resolve the vulnerability.
  • Review and update affected systems to ensure the fix is implemented.

Evidence notes

The CVE record and NVD detail provide information on the vulnerability.

Official resources

CVE-2026-46293 was published on 2026-06-08T17:16:47.630Z and has not been modified.