CVE-2026-46255
Description
Linux kernel DMA engine driver has a bug causing warnings on driver removal.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Linux kernel DMA engine driver has a bug causing warnings on driver removal.
Vulnerability
The Linux kernel's fsl-edma driver has a vulnerability where clocks are explicitly disabled in the .remove() function, even though they are automatically managed by devm_clk_get_enabled(). This leads to warnings during driver removal for each clock. The affected component is the fsl_edma_engine::muxclk within the fsl-edma driver.
Exploitation
An attacker would need to trigger the removal of the fsl-edma driver. This is not a typical attack vector as it requires kernel-level operations or specific system events that lead to driver unloading, rather than direct exploitation by an unprivileged user.
Impact
The vulnerability results in warning messages being printed to the kernel log during driver removal, indicating that clocks are being disabled and unprepared when they are already in that state. This does not lead to data corruption, privilege escalation, or denial of service, but rather indicates a code correctness issue.
Mitigation
The issue has been resolved by removing the unnecessary fsl_disable_clocks() call in the fsl_edma_remove() function. The fix is available in the Linux kernel. Specific patched versions are not detailed in the provided references, but the fix is present in the kernel git repository [1].
AI Insight generated on Jun 3, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
10666c53e94c1ddmaengine: fsl-edma: don't explicitly disable clocks in .remove()
1 file changed · +0 −2
drivers/dma/fsl-edma-main.c+0 −2 modifieddiff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index a753b7cbfa7a3..dbcdd1e683190 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -915,7 +915,6 @@ static void fsl_edma_remove(struct platform_device *pdev) of_dma_controller_free(np); dma_async_device_unregister(&fsl_edma->dma_dev); fsl_edma_cleanup_vchan(&fsl_edma->dma_dev); - fsl_disable_clocks(fsl_edma, fsl_edma->drvdata->dmamuxs); } static int fsl_edma_suspend_late(struct device *dev) -- cgit 1.3-korg
b84dba68c482dmaengine: fsl-edma: don't explicitly disable clocks in .remove()
1 file changed · +0 −2
drivers/dma/fsl-edma-main.c+0 −2 modifieddiff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index a753b7cbfa7a3..dbcdd1e683190 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -915,7 +915,6 @@ static void fsl_edma_remove(struct platform_device *pdev) of_dma_controller_free(np); dma_async_device_unregister(&fsl_edma->dma_dev); fsl_edma_cleanup_vchan(&fsl_edma->dma_dev); - fsl_disable_clocks(fsl_edma, fsl_edma->drvdata->dmamuxs); } static int fsl_edma_suspend_late(struct device *dev) -- cgit 1.3-korg
533d495f15e4dmaengine: fsl-edma: don't explicitly disable clocks in .remove()
1 file changed · +0 −2
drivers/dma/fsl-edma-main.c+0 −2 modifieddiff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index 7dedd85d74d9b..34b194759d218 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -678,7 +678,6 @@ static void fsl_edma_remove(struct platform_device *pdev) of_dma_controller_free(np); dma_async_device_unregister(&fsl_edma->dma_dev); fsl_edma_cleanup_vchan(&fsl_edma->dma_dev); - fsl_disable_clocks(fsl_edma, fsl_edma->drvdata->dmamuxs); } static int fsl_edma_suspend_late(struct device *dev) -- cgit 1.3-korg
68feac21bd4ddmaengine: fsl-edma: don't explicitly disable clocks in .remove()
1 file changed · +0 −2
drivers/dma/fsl-edma-main.c+0 −2 modifieddiff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index 4794d58dab556..540b47c520dce 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -708,7 +708,6 @@ static void fsl_edma_remove(struct platform_device *pdev) of_dma_controller_free(np); dma_async_device_unregister(&fsl_edma->dma_dev); fsl_edma_cleanup_vchan(&fsl_edma->dma_dev); - fsl_disable_clocks(fsl_edma, fsl_edma->drvdata->dmamuxs); } static int fsl_edma_suspend_late(struct device *dev) -- cgit 1.3-korg
bda244871179dmaengine: fsl-edma: don't explicitly disable clocks in .remove()
1 file changed · +0 −2
drivers/dma/fsl-edma-main.c+0 −2 modifieddiff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index 97583c7d51a2e..093185768ad8e 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -915,7 +915,6 @@ static void fsl_edma_remove(struct platform_device *pdev) of_dma_controller_free(np); dma_async_device_unregister(&fsl_edma->dma_dev); fsl_edma_cleanup_vchan(&fsl_edma->dma_dev); - fsl_disable_clocks(fsl_edma, fsl_edma->drvdata->dmamuxs); } static int fsl_edma_suspend_late(struct device *dev) -- cgit 1.3-korg
b84dba68c482dmaengine: fsl-edma: don't explicitly disable clocks in .remove()
1 file changed · +0 −2
drivers/dma/fsl-edma-main.c+0 −2 modifieddiff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index a753b7cbfa7a3..dbcdd1e683190 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -915,7 +915,6 @@ static void fsl_edma_remove(struct platform_device *pdev) of_dma_controller_free(np); dma_async_device_unregister(&fsl_edma->dma_dev); fsl_edma_cleanup_vchan(&fsl_edma->dma_dev); - fsl_disable_clocks(fsl_edma, fsl_edma->drvdata->dmamuxs); } static int fsl_edma_suspend_late(struct device *dev) -- cgit 1.3-korg
bda244871179dmaengine: fsl-edma: don't explicitly disable clocks in .remove()
1 file changed · +0 −2
drivers/dma/fsl-edma-main.c+0 −2 modifieddiff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index 97583c7d51a2e..093185768ad8e 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -915,7 +915,6 @@ static void fsl_edma_remove(struct platform_device *pdev) of_dma_controller_free(np); dma_async_device_unregister(&fsl_edma->dma_dev); fsl_edma_cleanup_vchan(&fsl_edma->dma_dev); - fsl_disable_clocks(fsl_edma, fsl_edma->drvdata->dmamuxs); } static int fsl_edma_suspend_late(struct device *dev) -- cgit 1.3-korg
533d495f15e4dmaengine: fsl-edma: don't explicitly disable clocks in .remove()
1 file changed · +0 −2
drivers/dma/fsl-edma-main.c+0 −2 modifieddiff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index 7dedd85d74d9b..34b194759d218 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -678,7 +678,6 @@ static void fsl_edma_remove(struct platform_device *pdev) of_dma_controller_free(np); dma_async_device_unregister(&fsl_edma->dma_dev); fsl_edma_cleanup_vchan(&fsl_edma->dma_dev); - fsl_disable_clocks(fsl_edma, fsl_edma->drvdata->dmamuxs); } static int fsl_edma_suspend_late(struct device *dev) -- cgit 1.3-korg
666c53e94c1ddmaengine: fsl-edma: don't explicitly disable clocks in .remove()
1 file changed · +0 −2
drivers/dma/fsl-edma-main.c+0 −2 modifieddiff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index a753b7cbfa7a3..dbcdd1e683190 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -915,7 +915,6 @@ static void fsl_edma_remove(struct platform_device *pdev) of_dma_controller_free(np); dma_async_device_unregister(&fsl_edma->dma_dev); fsl_edma_cleanup_vchan(&fsl_edma->dma_dev); - fsl_disable_clocks(fsl_edma, fsl_edma->drvdata->dmamuxs); } static int fsl_edma_suspend_late(struct device *dev) -- cgit 1.3-korg
68feac21bd4ddmaengine: fsl-edma: don't explicitly disable clocks in .remove()
1 file changed · +0 −2
drivers/dma/fsl-edma-main.c+0 −2 modifieddiff --git a/drivers/dma/fsl-edma-main.c b/drivers/dma/fsl-edma-main.c index 4794d58dab556..540b47c520dce 100644 --- a/drivers/dma/fsl-edma-main.c +++ b/drivers/dma/fsl-edma-main.c @@ -708,7 +708,6 @@ static void fsl_edma_remove(struct platform_device *pdev) of_dma_controller_free(np); dma_async_device_unregister(&fsl_edma->dma_dev); fsl_edma_cleanup_vchan(&fsl_edma->dma_dev); - fsl_disable_clocks(fsl_edma, fsl_edma->drvdata->dmamuxs); } static int fsl_edma_suspend_late(struct device *dev) -- cgit 1.3-korg
Vulnerability mechanics
Root cause
"The fsl_edma driver explicitly disables clocks that are already managed by devm_clk_get_enabled()."
Attack vector
This vulnerability is triggered during the driver removal process. When the fsl_edma driver is unloaded, it attempts to manually disable clocks that were already enabled and are managed by the kernel's device resource management. This leads to warnings indicating that the clocks are already disabled or unprepared.
Affected code
The vulnerability resides in the `fsl_edma_remove()` function within the `drivers/dma/fsl-edma-main.c` file. Specifically, the call to `fsl_disable_clocks(fsl_edma, fsl_edma->drvdata->dmamuxs)` is the problematic line that causes the issue [patch_id=4686670].
What the fix does
The patch removes the explicit call to `fsl_disable_clocks()` within the `fsl_edma_remove()` function [patch_id=4686670]. Since the clocks are acquired using `devm_clk_get_enabled()`, they are automatically handled by the device resource management system upon driver removal. Removing the redundant call prevents the double-disable operation, thus resolving the warnings.
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- git.kernel.org/stable/c/533d495f15e4c88ad5246c7f90ae026702e28d75nvd
- git.kernel.org/stable/c/666c53e94c1d0bf0bdf14c49505ece9ddbe725bcnvd
- git.kernel.org/stable/c/68feac21bd4de7ae4faba05704c404861d991fcfnvd
- git.kernel.org/stable/c/b84dba68c4823da452cec99a5d213571a65d06denvd
- git.kernel.org/stable/c/bda244871179543dd3be7d093236cb33b2fb1765nvd
News mentions
1- Linux Kernel: 25 Vulnerabilities Disclosed in Single Batch on June 3, 2026Vypr Intelligence · Jun 3, 2026