CVE-2026-46257

In the Linux kernel, the following vulnerability has been resolved:

clocksource/drivers/timer-sp804: Fix an Oops when read current timer is called on ARM32 platforms where the SP804 is not registered as the sched clock.

On SP804, the delay timer shares the same clkevt instance with sched clock. On some platforms, when sp804 clocksource and sched clock init is called with use sched clock not set to 1, sched clkevt is not properly initialized. However, sp804 register delay timer is invoked unconditionally, and read current timer() subsequently calls sp804 read on an uninitialized sched clkevt, leading to a kernel Oops when accessing sched clkevt->value.

Declare a dedicated clkevt instance exclusively for delay timer, instead of sharing the same clkevt with sched clock. This ensures that read current timer continues to work correctly regardless of whether SP804 is selected as the sched clock.