CVE-2026-53222
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
ptp: ocp: fix resource freeing order
Commit a60fc3294a37 ("ptp: rework ptp_clock_unregister() to disable events") added a call to ptp_disable_all_events() which changes the configuration of pins if they support EXTTS events. In ptp_ocp_detach() pins resources are freed before ptp_clock_unregister() and it leads to use-after-free during driver removal. Fix it by changing the order of free/unregister calls. To avoid irq handler running on the other core while ptp device unregistering, call synchronize_irq() after HW is configured to stop producing irqs and no irqs are in-flight.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | a60fc3294a377204664b5484e4a487fa124155da < aa03698bb28d3be5ee180adb185395054b342b04 | affected |
| Linux | Linux | a60fc3294a377204664b5484e4a487fa124155da < 627366c51145a07f675b1800fb5ea2ec960bd900 | affected |
| Linux | Linux | 6.18 | affected |
| Linux | Linux | 0 < 6.18 | unaffected |
| Linux | Linux | 7.0.13 <= 7.0.* | unaffected |
| Linux | Linux | 7.1 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/aa03698bb28d3be5ee180adb185395054b342b04
- https://git.kernel.org/stable/c/627366c51145a07f675b1800fb5ea2ec960bd900
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.