CVE-2026-43447 PUBLISHED

iavf: fix PTP use-after-free during reset

Assigner: Linux
Reserved: 01.05.2026 Published: 08.05.2026 Updated: 08.05.2026

In the Linux kernel, the following vulnerability has been resolved:

iavf: fix PTP use-after-free during reset

Commit 7c01dbfc8a1c5f ("iavf: periodically cache PHC time") introduced a worker to cache PHC time, but failed to stop it during reset or disable.

This creates a race condition where iavf_reset_task() or iavf_disable_vf() free adapter resources (AQ) while the worker is still running. If the worker triggers iavf_queue_ptp_cmd() during teardown, it accesses freed memory/locks, leading to a crash.

Fix this by calling iavf_ptp_release() before tearing down the adapter. This ensures ptp_clock_unregister() synchronously cancels the worker and cleans up the chardev before the backing resources are destroyed.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 7c01dbfc8a1c5f8b8e4a7907ab06db1449d478d0 to 1b034f2429ce6b45ce74dc266175d277acafc5c4 (excl.)
  • affected from 7c01dbfc8a1c5f8b8e4a7907ab06db1449d478d0 to 90cc8b2add29b57288025b51c70bc647e7cccb12 (excl.)
  • affected from 7c01dbfc8a1c5f8b8e4a7907ab06db1449d478d0 to efc54fb13d79117a825fef17364315a58682c7ec (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.15 is affected
  • unaffected from 0 to 6.15 (excl.)
  • unaffected from 6.18.19 to 6.18.* (incl.)
  • unaffected from 6.19.9 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)
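The version ranges above can be turned into a triage check for a host inventory. The following is an added example, not part of the CVE record or the kernel project; the function names and the sample hosts are assumptions, it classifies against the upstream ranges only, and it treats the iavf driver as in use when it appears in /proc/modules.

```python
import re

# Upstream ranges copied from the Product Status list above.
FIRST_AFFECTED = (6, 15)                                  # "Version 6.15 is affected"
BRANCH_FIX = {(6, 18): (6, 18, 19), (6, 19): (6, 19, 9)}  # fixed stable releases
MAINLINE_FIX = (7, 0)                                     # "unaffected from 7.0 to *"


def parse_release(release):
    """Turn a `uname -r` style string into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(part or 0) for part in m.groups())


def upstream_status(release):
    """Classify a release against the upstream ranges only.

    Vendor kernels may backport the fix without changing the base version,
    so "affected" here means "check the vendor changelog", not proof.
    """
    version = parse_release(release)
    branch = version[:2]
    if branch < FIRST_AFFECTED or branch >= MAINLINE_FIX:
        return "unaffected"
    fix = BRANCH_FIX.get(branch)
    if fix is not None and version >= fix:
        return "unaffected"
    return "affected"   # includes branches with no fixed release listed


def iavf_loaded(proc_modules_text):
    """True if iavf appears in /proc/modules text (a built-in driver would not)."""
    return any(line.split()[0] == "iavf"
               for line in proc_modules_text.splitlines() if line.strip())


def needs_attention(release, proc_modules_text):
    """Affected upstream version and the iavf module is loaded."""
    return upstream_status(release) == "affected" and iavf_loaded(proc_modules_text)


if __name__ == "__main__":
    # Constructed sample inventory: (host, uname -r, /proc/modules excerpt).
    sample = [
        ("hv-01", "6.18.12-generic", "iavf 204800 0 - Live 0x0000000000000000\n"),
        ("hv-02", "6.18.19", "iavf 204800 0 - Live 0x0000000000000000\n"),
        ("db-01", "6.17.4", "e1000e 331776 0 - Live 0x0000000000000000\n"),
    ]
    for host, release, modules in sample:
        print(host, release, upstream_status(release), needs_attention(release, modules))
```
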

References