CVE-2026-46257
Analyzed Analyzed - Analysis Complete
Kernel Oops in Linux SP804 Timer Driver

Publication date: 2026-06-03

Last updated on: 2026-06-09

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registered as the sched_clock. On SP804, the delay timer shares the same clkevt instance with sched_clock. On some platforms, when sp804_clocksource_and_sched_clock_init is called with use_sched_clock not set to 1, sched_clkevt is not properly initialized. However, sp804_register_delay_timer is invoked unconditionally, and read_current_timer() subsequently calls sp804_read on an uninitialized sched_clkevt, leading to a kernel Oops when accessing sched_clkevt->value. Declare a dedicated clkevt instance exclusively for delay timer, instead of sharing the same clkevt with sched_clock. This ensures that read_current_timer continues to work correctly regardless of whether SP804 is selected as the sched_clock.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-09
Generated
2026-06-24
AI Q&A
2026-06-03
EPSS Evaluated
2026-06-22
NVD
CVE-2026-46257
EUVD
EUVD-2026-34119
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel From 6.19 (inc) to 6.19.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-908 The product uses or accesses a resource that has not been initialized.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can cause the Linux kernel to crash (kernel Oops) on affected ARM32 platforms when the SP804 timer is used in a certain configuration. A kernel Oops can lead to system instability, unexpected reboots, or downtime, potentially disrupting services or applications running on the affected system.

Executive Summary

This vulnerability exists in the Linux kernel's clocksource driver for the SP804 timer on ARM32 platforms. The issue occurs because the delay timer and the sched_clock share the same clkevt instance. On some platforms, if the sched_clock is not properly initialized, the delay timer still tries to use this uninitialized clkevt instance. When the function read_current_timer() calls sp804_read() on this uninitialized sched_clkevt, it causes a kernel Oops (a type of kernel crash).

The fix involves declaring a dedicated clkevt instance exclusively for the delay timer instead of sharing it with the sched_clock. This change ensures that read_current_timer() works correctly regardless of whether SP804 is selected as the sched_clock.

Mitigation Strategies

The vulnerability is resolved by updating the Linux kernel to a version where the clocksource/drivers/timer-sp804 code has been fixed to avoid the kernel Oops on ARM32 platforms.

Specifically, the fix involves declaring a dedicated clkevt instance exclusively for the delay timer instead of sharing the same clkevt with sched_clock, ensuring correct operation regardless of SP804 being selected as the sched_clock.

Therefore, the immediate mitigation step is to apply the kernel update or patch that includes this fix.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-46257. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart