HIGH
clk InitData UAF
CVE-2026-45909
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
KernelScan AI: 6.8 MEDIUM
01 Description
In the Linux kernel, the following vulnerability has been resolved:

clk: mediatek: Drop __initconst from gates

Since commit 8ceff24a754a ("clk: mediatek: clk-gate: Refactor mtk_clk_register_gate to use mtk_gate struct") the mtk_gate structs are no longer just used for initialization/registration, but also at runtime. So drop __initconst annotations.
02 KernelScan AI Analysis
Risk summary
MediaTek SoC devices may experience kernel crashes during normal clock management operations. The vulnerability occurs when the kernel accesses freed initialization data that should remain available at runtime. This affects device stability during power management and driver operations.
Vulnerability analysis
The root cause is incorrect __initconst annotations on mtk_gate arrays that are accessed at runtime after commit 8ceff24a754a added pointers to these structures in runtime data. The __initconst marking causes the data to be freed after boot, leading to use-after-free when the clock subsystem later dereferences these pointers during normal operations. The fix removes the __initconst annotations to keep the data available throughout kernel lifetime. Attack surface is local with no privilege requirements since clock operations are part of normal kernel functionality.
03 Fix Versions
| Branch | Fixed in | Patch commit |
|---|---|---|
| 6.18 | 6.18.14 | 1debd9ba7eb1 |
| 6.19 | 6.19.4 | 866d8ecc4e78 |
| mainline | 7.0 | 871afb43e41a |