CVE-2025-38352

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38352
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38352.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38352
Published
2025-07-22T08:15:23Z
Modified
2025-09-05T14:18:52Z
Summary
[none]
Details

In the Linux kernel, the following vulnerability has been resolved:

posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()

If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand().

If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail.

Add the tsk->exit_state check into run_posix_cpu_timers() to fix this.

This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.

References

Affected packages