Vulnerability Database

300,830

Total vulnerabilities in the database

CVE-2025-38352

In the Linux kernel, the following vulnerability has been resolved:

posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()

If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand().

If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail.

Add the tsk->exit_state check into run_posix_cpu_timers() to fix this.

This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.

  • Published: Jul 22, 2025
  • Updated: Nov 4, 2025
  • CVE: CVE-2025-38352
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.4
  • AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software From Fixed in
linux / linux_kernel 2.6.36 5.4.295
linux / linux_kernel 5.5 5.10.239
linux / linux_kernel 5.11 5.15.186
linux / linux_kernel 5.16 6.1.142
linux / linux_kernel 6.2 6.6.94
linux / linux_kernel 6.7 6.12.34
linux / linux_kernel 6.13 6.15.3
linux / linux_kernel 6.16-rc1 6.16-rc1.x
debian / debian_linux 11.0 11.0.x