2492808 – (CVE-2026-53222) CVE-2026-53222 kernel: ptp: ocp: fix resource freeing order

Bug 2492808 (CVE-2026-53222) - CVE-2026-53222 kernel: ptp: ocp: fix resource freeing order

Summary: CVE-2026-53222 kernel: ptp: ocp: fix resource freeing order

Keywords:
Status:	NEW
Alias:	CVE-2026-53222
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-06-25 10:06 UTC by OSIDB Bzimport
Modified:	2026-06-29 13:29 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-06-25 10:06:51 UTC

In the Linux kernel, the following vulnerability has been resolved:

ptp: ocp: fix resource freeing order

Commit a60fc3294a37 ("ptp: rework ptp_clock_unregister() to disable
events") added a call to ptp_disable_all_events() which changes the
configuration of pins if they support EXTTS events. In ptp_ocp_detach()
pins resources are freed before ptp_clock_unregister() and it leads to
use-after-free during driver removal. Fix it by changing the order of
free/unregister calls. To avoid irq handler running on the other core
while ptp device unregistering, call synchronize_irq() after HW is
configured to stop producing irqs and no irqs are in-flight.

Comment 1 Mauro Matteo Cascella 2026-06-29 13:26:13 UTC

Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2026062506-CVE-2026-53222-9c60@gregkh/T

Note You need to log in before you can comment on or make changes to this bug.