CVE-2026-43175

Source
https://cve.org/CVERecord?id=CVE-2026-43175
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43175.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-43175
Downstream
Published
2026-05-06T11:27:49.496Z
Modified
2026-06-18T03:54:33.715788598Z
Summary
clk: rs9: Reserve 8 struct clk_hw slots for for 9FGV0841
Details

In the Linux kernel, the following vulnerability has been resolved:

clk: rs9: Reserve 8 struct clk_hw slots for for 9FGV0841

The 9FGV0841 has 8 outputs and registers 8 struct clkhw, make sure there are 8 slots for those newly registered clkhw pointers, else there is going to be out of bounds write when pointers 4..7 are set into struct rs9driverdata .clk_dif[4..7] field.

Since there are other structure members past this struct clkhw pointer array, writing to .clkdif[4..7] fields corrupts both the struct rs9driverdata content and data around it, sometimes without crashing the kernel. However, the kernel does surely crash when the driver is unbound or during suspend.

Fix this, increase the struct clk_hw pointer array size to the maximum output count of 9FGV0841, which is the biggest chip that is supported by this driver.

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43175.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f0e5e1800204b82af6d3e8ef03012ab4afc22358
Fixed
2f926875dffe2226ea26d129e16d9092cccd03aa
Fixed
da86ca15d7389ee0b5df08e8f70c39354e6b8a4b
Fixed
82a34f344999d8029bcebf131028fa519140c7cc
Fixed
5ec820fc28d0b8a0f3890d476b1976f20e8343cc

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43175.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.8.0
Fixed
6.12.75
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.16
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.6

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43175.json"