CVE-2026-53222

Summary

In the Linux kernel, the following vulnerability has been resolved:

ptp: ocp: fix resource freeing order

Commit a60fc3294a37 ("ptp: rework ptp_clock_unregister() to disable events") added a call to ptp_disable_all_events() which changes the configuration of pins if they support EXTTS events. In ptp_ocp_detach() pins resources are freed before ptp_clock_unregister() and it leads to use-after-free during driver removal. Fix it by changing the order of free/unregister calls. To avoid irq handler running on the other core while ptp device unregistering, call synchronize_irq() after HW is configured to stop producing irqs and no irqs are in-flight.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa60fc3294a377204664b5484e4a487fa124155da < aa03698bb28d3be5ee180adb185395054b342b04affected
LinuxLinuxa60fc3294a377204664b5484e4a487fa124155da < 627366c51145a07f675b1800fb5ea2ec960bd900affected
LinuxLinux6.18affected
LinuxLinux0 < 6.18unaffected
LinuxLinux7.0.13 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References