Description
In the Linux kernel, the following vulnerability has been resolved:

ptp: ocp: fix resource freeing order

Commit a60fc3294a37 ("ptp: rework ptp_clock_unregister() to disable
events") added a call to ptp_disable_all_events() which changes the
configuration of pins if they support EXTTS events. In ptp_ocp_detach()
pins resources are freed before ptp_clock_unregister() and it leads to
use-after-free during driver removal. Fix it by changing the order of
free/unregister calls. To avoid irq handler running on the other core
while ptp device unregistering, call synchronize_irq() after HW is
configured to stop producing irqs and no irqs are in-flight.
Published: 2026-06-25
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel contains a use-after-free flaw in the PTP OCP driver. When the driver is unloaded, ptp_ocp_detach() frees the pin resources before the clock has been unregistered, causing memory corruption that an attacker could leverage to crash the kernel or to execute arbitrary code. This weakness arises from an improper order of resource freeing introduced by earlier changes to the clock handling API.
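
The ordering problem described above, as an added userspace model in C. It is not code from the kernel or from the ptp_ocp driver, and every struct and function name in it is hypothetical. It counts the pin writes that land after the pin storage has been released, once for the free-first order and once for the unregister-first order.

```c
#include <stdbool.h>
#include <stdlib.h>

/* Userspace model only; every name here is hypothetical, not ptp_ocp code. */
struct dev {
    int *pin_func;                     /* per-pin function: 1 = EXTTS on, 0 = off */
    int n_pins;
    bool pins_freed;                   /* bookkeeping so the model never touches freed memory */
    int stale_writes;                  /* writes that would have been use-after-free */
};

static void dev_init(struct dev *d, int n)
{
    *d = (struct dev){ .pin_func = calloc((size_t)n, sizeof(int)), .n_pins = n };
    if (!d->pin_func)
        abort();
    for (int i = 0; i < n; i++)
        d->pin_func[i] = 1;            /* every pin starts with EXTTS enabled */
}

/* Stands in for unregister disabling events: it reconfigures each EXTTS pin. */
static void clock_unregister(struct dev *d)
{
    for (int i = 0; i < d->n_pins; i++) {
        if (d->pins_freed)
            d->stale_writes++;         /* real code would write freed memory here */
        else
            d->pin_func[i] = 0;
    }
}

static void free_pins(struct dev *d)
{
    free(d->pin_func);
    d->pin_func = NULL;
    d->pins_freed = true;
}

/* Returns the number of stale pin writes for the chosen teardown order. */
int detach(int n, bool free_first)
{
    struct dev d;
    dev_init(&d, n);
    if (free_first) { free_pins(&d); clock_unregister(&d); }  /* order described as buggy */
    else            { clock_unregister(&d); free_pins(&d); }  /* order after the fix */
    return d.stale_writes;
}

int main(void) { return !(detach(4, true) == 4 && detach(4, false) == 0); }
```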

Affected Systems

The vulnerability affects Linux kernel builds that include the PTP OCP driver prior to the integration of commits a60fc3294a37 and aa03698bb28d3be5ee180adb185395054b342b04. All kernel releases that have not applied these commits are susceptible.

Risk and Exploitability

The CVSS score is not publicly available and EPSS information is missing, so the exploitation likelihood is not quantified. Nevertheless, a use‑after‑free in kernel space can severely compromise system integrity if exercised by an attacker with sufficient privileges to unload the driver. The issue is not listed in the CISA KEV catalogue. Based on the description, it is inferred that the likely attack vector involves privileged kernel module removal or reboot activity. The vulnerability could lead to a denial-of-service or potential arbitrary code execution if the exploit is successful.

Generated by OpenCVE AI on June 25, 2026 at 11:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes commits a60fc3294a37 or aa03698bb28d3be5ee180adb185395054b342b04.
  • If an upgrade is not possible, cherry-pick the fix into the current kernel source tree.
  • If the PTP OCP driver is unnecessary for your environment, disable or remove it from the kernel configuration to eliminate the risk.



Advisories

No advisories yet.

History

Thu, 25 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-416

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Title ptp: ocp: fix resource freeing order
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-25T08:39:23.934Z

Reserved: 2026-06-09T07:44:35.392Z

Link: CVE-2026-53222

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T11:30:06Z

Weaknesses