MEDIUM 5.5

CVE-2026-46255: Linux fsl-edma Clock Resource Management Bug

The Linux kernel's fsl-edma driver contains a resource management bug where clock handles are being manually disabled during driver removal, even though they were allocated using automatic cleanup functions. This causes the system to attempt disabling clocks that have already been cleaned up by the kernel, generating warnings and potentially destabilizing the driver removal process. The fix is straightforward: remove the redundant manual disable calls and let the automatic cleanup mechanism handle it.

Source data · NVD / CISA · public domain

CVSS
3.1 · 5.5 MEDIUM · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weaknesses (CWE)
Affected products
1 configuration(s)
Published / Modified
2026-06-03 / 2026-06-17

NVD description (verbatim)

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove() The clocks in fsl_edma_engine::muxclk are allocated and enabled with devm_clk_get_enabled(), which automatically cleans these resources up, but these clocks are also manually disabled in fsl_edma_remove(). This causes warnings on driver removal for each clock: edma_module already disabled WARNING: CPU: 0 PID: 418 at drivers/clk/clk.c:1200 clk_core_disable+0x198/0x1c8 [...] Call trace: clk_core_disable+0x198/0x1c8 (P) clk_disable+0x34/0x58 fsl_edma_remove+0x74/0xe8 [fsl_edma] [...] ---[ end trace 0000000000000000 ]--- edma_module already unprepared WARNING: CPU: 0 PID: 418 at drivers/clk/clk.c:1059 clk_core_unprepare+0x1f8/0x220 [...] Call trace: clk_core_unprepare+0x1f8/0x220 (P) clk_unprepare+0x34/0x58 fsl_edma_remove+0x7c/0xe8 [fsl_edma] [...] ---[ end trace 0000000000000000 ]--- Fix these warnings by removing the unnecessary fsl_disable_clocks() call in fsl_edma_remove().

5 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-46255 is a resource lifecycle management vulnerability in the Linux kernel's Freescale/NXP eDMA controller driver (fsl-edma). The driver allocates clock resources using devm_clk_get_enabled(), which automatically manages resource cleanup through the device manager framework. However, the fsl_edma_remove() function explicitly calls fsl_disable_clocks(), attempting to manually disable these same clocks. This creates a double-disable condition: the kernel's device manager calls clk_core_disable() and clk_core_unprepare() as part of automatic cleanup, then the driver's remove handler calls these functions again. The Linux clock framework tracks prepare/enable counts and warns when these counters go negative, surfacing the bug via kernel warnings on module unload.

Business impact

This vulnerability primarily affects system stability during driver lifecycle operations on platforms using the Freescale eDMA controller. While not a traditional security issue, the kernel warnings indicate improper resource management that could lead to unpredictable behavior, failed driver reloads, or system hangs in embedded or automotive systems where eDMA is critical for device I/O. For organizations running Linux on NXP/Freescale hardware (common in networking equipment, automotive ECUs, and IoT devices), this bug complicates driver updates and hot-reload scenarios, increasing operational risk during maintenance windows.

Affected systems

The vulnerability affects the Linux kernel's fsl-edma driver, which is the Direct Memory Access (DMA) controller driver for Freescale/NXP eDMA hardware. This includes systems using NXP/Freescale SoCs in automotive, industrial, networking, and embedded IoT applications. The affected component is architecturally specific to ARM and PowerPC platforms that integrate Freescale eDMA IP blocks. Kernel versions using the vulnerable driver code path are in scope; organizations should verify their kernel version against vendor advisories for exact affected releases.

Exploitability

This is not an exploitable security vulnerability in the traditional sense. It is a kernel code defect that generates warnings and indicates improper resource management. An attacker cannot remotely trigger the issue or gain unauthorized access; the condition manifests only during driver removal (module unload or system shutdown). Local privilege is not required to trigger the warnings—any process can remove the driver if the driver supports dynamic unload. The practical impact is degraded system behavior and diagnostic noise rather than a confidentiality, integrity, or availability breach.

Remediation

The fix requires removing the explicit fsl_disable_clocks() call from the fsl_edma_remove() function, allowing the devm_ resource manager to handle clock cleanup automatically. This aligns driver code with the device manager pattern used during allocation. Verify against the Linux kernel upstream commit and your distribution's backport to confirm the exact patch applied. Organizations running affected kernel versions should schedule updates during regular maintenance cycles, prioritizing systems where eDMA driver reloads are frequent or where kernel warning spam impacts monitoring systems.

Patch guidance

Apply the Linux kernel patch that removes the redundant clock disable logic from fsl_edma_remove(). Check your Linux distribution's advisory for backported versions targeting stable branches (e.g., linux-stable, vendor-specific LTS kernels). Test driver reloads (modprobe -r fsl_edma && modprobe fsl_edma) to verify kernel warnings no longer appear in system logs. Confirm no functional regression by validating DMA operations on affected hardware during the testing window before production deployment.

Detection guidance

Monitor kernel logs for the specific warnings: 'edma_module already disabled' and 'edma_module already unprepared' paired with clk_core_disable() and clk_core_unprepare() call traces during fsl_edma removal. These warnings indicate the vulnerable code path is executing. Implement log aggregation rules to flag these patterns on systems running affected kernel versions. Additionally, inspect kernel sources or use kconfig/modinfo to confirm fsl-edma driver presence and version on target systems.

Why prioritize this

Prioritize patching systems where eDMA driver reloads are operational necessity (e.g., firmware update procedures, container workloads with driver module cycling) or where kernel warning suppression is difficult due to monitoring constraints. Systems with stable uptimes and no foreseen driver reload cycles may deprioritize this patch. The CVSS 5.5 MEDIUM score reflects the availability impact of improper driver removal; patching should align with regular kernel update cycles rather than emergency response.

Risk score, explained

CVSS 3.1 score of 5.5 (MEDIUM) is assigned for a local attack vector, low complexity, requiring local privilege to trigger, with no confidentiality or integrity impact but high availability impact. The score reflects that driver removal failures or resource leaks can degrade system stability and prevent legitimate driver operations (availability = high). However, the attack vector is local-only and requires explicit driver unload action, preventing remote exploitation.

Frequently asked questions

Is this a security vulnerability that could allow unauthorized access?

No. This is a kernel code defect (resource management bug), not a security vulnerability. It does not enable privilege escalation, data theft, or unauthorized access. The impact is system stability and operational reliability, not security.

Will I see this issue on production systems?

Only if your production systems perform eDMA driver reloads (dynamic module unload/reload, driver updates). Stable deployments where the driver loads once at boot and remains loaded will not experience the warnings, though the underlying code defect persists. High-churn environments (containers, frequent firmware updates) are more likely to encounter it.

What kernel versions are affected?

Verify against the upstream Linux kernel commits and your Linux distribution's advisory. Generally, versions using fsl-edma driver with devm_clk_get_enabled() allocation are in scope. Check your distribution's advisory or kernel release notes for exact affected versions and backport status.

Do I need to rebuild my entire kernel to apply this patch?

Yes, kernel patches require kernel recompilation and a system reboot. Work with your distribution's kernel maintainers for backported patches targeting your release branch (e.g., stable or LTS). Container-based workloads can update to patched base images; bare-metal systems require scheduled maintenance windows.

This analysis is based on publicly available vulnerability data and Linux kernel documentation. Actual risk and patch availability vary by Linux distribution and kernel branch. Organizations should verify affected kernel versions, patch status, and testing requirements with their distribution vendor and security team. No guarantees are made regarding patch timing, availability, or compatibility with specific systems. Consult official Linux kernel advisories and vendor security bulletins before deployment. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).