CVE-2025-38352

Basic Information

CVE State

PUBLISHED

Reserved Date

April 16, 2025

Published Date

July 22, 2025

Last Updated

May 11, 2026

Vendor

Linux

Product

Linux

Description

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.

Tags

cisa

CVSS Scores

SSVC Information

Exploitation

active

Technical Impact

total

Exploit Status

Exploited in the Wild

Yes (2026-06-01 10:40:05 UTC) Source