Preface: If you are using a security token (fobs or software), when there is a problem with the NTP time source. This is unforeseen. Maybe there is nothing wrong with it. Or, in the worst case, similar you mistaken reset the NTP server time setting. Therefore, all your tokens should be suspended.

Background: Because in the original GPS protocol, only 10 bits were used to represent the week number. If there are 10 bits, it will overflow after counting to 1023, so it can only indicate about 19.6 years. Since the GPS time epoch (epoch) began in the early 1980s, there have been two rollover events (in 1999 and 2019, respectively). In April 2019, Headline News (The Register) announced this vulnerability to the public. It indicates that if you do not or cannot update, there will be a problem. Over time, the deadline has arrived.

Vulnerability details: Due to the design of the GPS protocol, time rollback (or technically termed “GPS Week Rollover”) can be anticipated and usually closely monitored by manufacturers. The next occurrence should have been in November 2038 , but a bug in some sanity checking code within GPSD would cause it to subtract 1024 from the week number on October 24, 2021. This would mean NTP servers using the bugged GPSD version would show a time/date of March 2002 after October 24, 2021.

Official details for reference: https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/