A GPSd Bug May Push You 20 Years Back From October 24, 2021

While the patch has arrived, unpatched apps may still cause a roll-back to 2002 due to a GPSd bug. This shuffling of time may cause systems to crash. Therefore, all system admins must ensure updating their programs urgently.

GPSd Bug To Come Into Effect On October 24, 2021

A severe technical bug existed in the GPSd, triggering errors in time accuracy for devices relying on the daemon. This vulnerability first caught attention in June this year, after which the developers patched it.

However, what matters the most for regular users is that whether the apps, devices, and services they use have been updated to the latest GPSd release or not. In the latter case, users might face troubles from apps or device hang or crash issues because of the wrong system time.

But why would it happen at all? Let us explain in very simple words.

A little about GPSd and GPS

GPSd is basically a daemon that collects data from the Global Positioning System (GPS) and sends it to the IP in a network. Specifically, GPSd coordinates with the Network Time Protocol (NTP) to sync the corresponding device’s time with the GPS satellites. That’s how it maintains the accuracy in the time provided by apps or devices you use.

As for the GPS, it is primarily one of the Global Navigation Satellite Systems (GNSS) that coordinates location and time with GPS receivers on Earth. The system works by counting the number of weeks since January 5, 1980 (when it first became available for civil use) and rolls over every 19.7 years. This is known as the “GPS Week Number Rollover”, which is defined as,

The main civil GPS signal (C/A code) broadcasts the GPS week number using a 10-bit code with a maximum value of 1,023 weeks. This means every 19.7 years, the GPS week number in the C/A code rolls over to zero.

This rollover first happened in August 1999, and then in April 2019. The next rollover is expected in November 2038. Since it’s predictable, the systems and devices using it make early measures to prevent system glitches and crashes due to wrong time.

However, due to some “miscalculations” in the GPSd code, a bug appeared in the GPS week number rollover sanity check, causing the rollover to trigger on October 24, 2021.

What About The Fix?

The bug in question specifically appeared in one of the recent GPSd versions. Hence, it affects GPSd 3.20, 3.21, and 3.22.

Consequently, the patch has arrived with GPSd 3.23. It’s important to update to this one since the patch won’t be backported. (Otherwise, expect another Y2K.)

Let us know your thoughts in the comments.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil