diff --git a/NEWS b/NEWS
index 4c249c8f00c..15de4ce6cff 100644
--- a/NEWS
+++ b/NEWS
@@ -161,6 +161,16 @@ CHANGES WITH 260 in spe:
 
         * resolvectl now uses varlink to connect to systemd-resolved.
 
+        systemd-udevd:
+
+        * Permissions for /dev/ptp* are now set to 0664 (previously 0660),
+          allowing unprivileged read-only access. This relies on the kernel fix
+          "ptp: Add PHC file mode checks. Allow RO adjtime() without
+          FMODE_WRITE." (commit b4e53b15c04e), which adds missing PTP ioctl
+          permission checks and keeps clock-modifying operations
+          write-restricted. Systems running stable kernel branches should
+          ensure they are updated to patch levels that include this fix.
+
         Changes in other components:
 
         * systemd-repart gained basic support for integrity checks of encrypted
diff --git a/rules.d/50-udev-default.rules.in b/rules.d/50-udev-default.rules.in
index ec0dd38e702..22b38f5f115 100644
--- a/rules.d/50-udev-default.rules.in
+++ b/rules.d/50-udev-default.rules.in
@@ -31,7 +31,7 @@ SUBSYSTEM=="pci|usb|platform", IMPORT{builtin}="path_id"
 
 SUBSYSTEM=="net", IMPORT{builtin}="net_driver"
 
-SUBSYSTEM=="ptp", GROUP="clock", MODE="0660"
+SUBSYSTEM=="ptp", GROUP="clock", MODE="0664"
 SUBSYSTEM=="ptp", ATTR{clock_name}=="KVM virtual PTP", SYMLINK+="ptp_kvm"
 SUBSYSTEM=="ptp", ATTR{clock_name}=="hyperv", SYMLINK+="ptp_hyperv"
 SUBSYSTEM=="ptp", ATTR{clock_name}=="ptp_vmw", SYMLINK+="ptp_vmware"