CVE-2026-46293 is a Linux kernel vulnerability affecting the Microchip PolarFire SoC clock controller driver, specifically an out-of-bounds memory access that can occur during clock output registration. Although rooted in low-level kernel code, its presence in the Linux kernel means it could affect Azure infrastructure or Linux-based virtual machines and containers running on Azure. Out-of-bounds access flaws can potentially be exploited to cause system instability or, in more serious scenarios, enable privilege escalation.

Security Architect’s Take: Review whether your Azure Linux VMs, AKS node pools, or other Linux-based workloads run kernel versions affected by this driver vulnerability, and prioritise applying the relevant kernel patch via your distribution’s update mechanism or Azure’s automatic VM patching where available.

Original advisory: CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration