When ptp4l is operating on a little-endian architecture as a PTP tranparent clock and forwards a one-step sync message, it generates a follow-up message which has an incorrect length, sending data past the message buffer. An attacker with access to the network can send a one-step sync message to cause an information leak or crash.
Created linuxptp tracking bugs for this issue:
Affects: fedora-all [bug 1979401]
This flaw has been rated as having a Moderate impact. The information leak is probably not very useful on its own as ptp4l doesn't handle any sensitive or confidential data like passwords, private keys, etc.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2021:4321 https://access.redhat.com/errata/RHSA-2021:4321
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):