CVE-2026-46257
MEDIUMDescription
In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registered as the sched_clock. On SP804, the delay timer shares the same clkevt instance with sched_clock. On some platforms, when sp804_clocksource_and_sched_clock_init is called with use_sched_clock not set to 1, sched_clkevt is not properly initialized. However, sp804_register_delay_timer is invoked unconditionally, and read_current_timer() subsequently calls sp804_read on an uninitialized sched_clkevt, leading to a kernel Oops when accessing sched_clkevt->value. Declare a dedicated clkevt instance exclusively for delay timer, instead of sharing the same clkevt with sched_clock. This ensures that read_current_timer continues to work correctly regardless of whether SP804 is selected as the sched_clock.
Is your site exposed to CVE-2026-46257?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| linux | linux_kernel |
References
Frequently Asked Questions
What is CVE-2026-46257? +
How severe is CVE-2026-46257? +
What products are affected by CVE-2026-46257? +
How do I check if I'm vulnerable to CVE-2026-46257? +
Related Vulnerabilities
In high traffic environments, a Silicon Labs OpenThread RCP (see impacted versions) fails to clear the SPI transmit buffer and …
Use of uninitialized resource within the AMD Platform Management Framework (PMF) could allow an attacker to read a uninitialized kernel …
When String.toUpperCase() caused a string to get longer it was possible for uninitialized memory to be incorporated into the result …
HDF5 Library through 1.14.3 may use an uninitialized value in H5A__attr_release_table in H5Aint.c.
Untrusted pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the …