CVE-2026-43175

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> clk: rs9: Reserve 8 struct clk_hw slots for for 9FGV0841<br /> <br /> The 9FGV0841 has 8 outputs and registers 8 struct clk_hw, make sure<br /> there are 8 slots for those newly registered clk_hw pointers, else<br /> there is going to be out of bounds write when pointers 4..7 are set<br /> into struct rs9_driver_data .clk_dif[4..7] field.<br /> <br /> Since there are other structure members past this struct clk_hw<br /> pointer array, writing to .clk_dif[4..7] fields corrupts both<br /> the struct rs9_driver_data content and data around it, sometimes<br /> without crashing the kernel. However, the kernel does surely<br /> crash when the driver is unbound or during suspend.<br /> <br /> Fix this, increase the struct clk_hw pointer array size to the<br /> maximum output count of 9FGV0841, which is the biggest chip that<br /> is supported by this driver.