CVE-2025-38352
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-38352
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38352.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-38352
- Downstream
- Related
- Published
- 2025-07-22T08:04:25.277Z
- Modified
- 2025-11-28T02:34:19.198067Z
- Severity
-
- 7.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
- Details
-
In the Linux kernel, the following vulnerability has been resolved:
posix-cpu-timers: fix race between handleposixcputimers() and posixcputimerdel()
If an exiting non-autoreaping task has already passed exitnotify() and calls handleposixcputimers() from IRQ, it can be reaped by its parent or debugger right after unlocktasksighand().
If a concurrent posixcputimerdel() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cputimertaskrcu() and/or locktasksighand() will fail.
Add the tsk->exitstate check into runposixcputimers() to fix this.
This fix is not needed if CONFIGPOSIXCPUTIMERSTASKWORK=y, because exittaskwork() is called before exitnotify(). But the check still makes sense, taskworkadd(&tsk->posixcputimerswork.work) will fail anyway in this case.
- Database specific
{ "cna_assigner": "Linux", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38352.json" }- References
-
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- https://git.kernel.org/stable/c/2c72fe18cc5f9f1750f5bc148cf1c94c29e106ff
- https://git.kernel.org/stable/c/2f3daa04a9328220de46f0d5c919a6c0073a9f0b
- https://git.kernel.org/stable/c/460188bc042a3f40f72d34b9f7fc6ee66b0b757b
- https://git.kernel.org/stable/c/764a7a5dfda23f69919441f2eac2a83e7db6e5bb
- https://git.kernel.org/stable/c/78a4b8e3795b31dae58762bc091bb0f4f74a2200
- https://git.kernel.org/stable/c/c076635b3a42771ace7d276de8dc3bc76ee2ba1b
- https://git.kernel.org/stable/c/c29d5318708e67ac13c1b6fc1007d179fb65b4d7
- https://git.kernel.org/stable/c/f90fff1e152dedf52b932240ebbd670d83330eca
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38352.json
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-38352
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-38352
Affected packages
Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Affected ranges
- Type
- GIT
- Repo
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
- Events
-
Introduced0bdd2ed4138ec04e09b4f8165981efc99e439f55Fixed78a4b8e3795b31dae58762bc091bb0f4f74a2200Fixedc076635b3a42771ace7d276de8dc3bc76ee2ba1bFixed2f3daa04a9328220de46f0d5c919a6c0073a9f0bFixed764a7a5dfda23f69919441f2eac2a83e7db6e5bbFixed2c72fe18cc5f9f1750f5bc148cf1c94c29e106ffFixedc29d5318708e67ac13c1b6fc1007d179fb65b4d7Fixed460188bc042a3f40f72d34b9f7fc6ee66b0b757bFixedf90fff1e152dedf52b932240ebbd670d83330eca
Linux / Kernel
Package
- Name
- Kernel
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced2.6.36Fixed5.4.295
- Type
- ECOSYSTEM
- Events
-
Introduced5.5.0Fixed5.10.239
- Type
- ECOSYSTEM
- Events
-
Introduced5.11.0Fixed5.15.186
- Type
- ECOSYSTEM
- Events
-
Introduced5.16.0Fixed6.1.142
- Type
- ECOSYSTEM
- Events
-
Introduced6.2.0Fixed6.6.94
- Type
- ECOSYSTEM
- Events
-
Introduced6.7.0Fixed6.12.34
- Type
- ECOSYSTEM
- Events
-
Introduced6.13.0Fixed6.15.3