{"id":"CVE-2025-38352","summary":"posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nposix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()\n\nIf an exiting non-autoreaping task has already passed exit_notify() and\ncalls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent\nor debugger right after unlock_task_sighand().\n\nIf a concurrent posix_cpu_timer_del() runs at that moment, it won't be\nable to detect timer-\u003eit.cpu.firing != 0: cpu_timer_task_rcu() and/or\nlock_task_sighand() will fail.\n\nAdd the tsk-\u003eexit_state check into run_posix_cpu_timers() to fix this.\n\nThis fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because\nexit_task_work() is called before exit_notify(). But the check still\nmakes sense, task_work_add(&tsk-\u003eposix_cputimers_work.work) will fail\nanyway in this case.","aliases":["A-425282960","ASB-A-425282960"],"modified":"2026-04-16T04:30:21.107230301Z","published":"2025-07-22T08:04:25.277Z","related":["ALSA-2025:15471","ALSA-2025:15472","ALSA-2025:15661","ALSA-2025:15662","SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:03204-1","SUSE-SU-2025:03283-1","SUSE-SU-2025:03310-1","SUSE-SU-2025:03314-1","SUSE-SU-2025:03344-1","SUSE-SU-2025:03383-1","SUSE-SU-2025:03384-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:4315-1","SUSE-SU-2026:0487-1","SUSE-SU-2026:0489-1","SUSE-SU-2026:0515-1","SUSE-SU-2026:0518-1","SUSE-SU-2026:0521-1","SUSE-SU-2026:0526-1","SUSE-SU-2026:0528-1","SUSE-SU-2026:0535-1","SUSE-SU-2026:0539-1","SUSE-SU-2026:0543-1","SUSE-SU-2026:0546-1","SUSE-SU-2026:0548-1","SUSE-SU-2026:0554-1","SUSE-SU-2026:0556-1","SUSE-SU-2026:0560-1","SUSE-SU-2026:0565-1","SUSE-SU-2026:20455-1","SUSE-SU-2026:20456-1","SUSE-SU-2026:20457-1","SUSE-SU-2026:20458-1","SUSE-SU-2026:20459-1","SUSE-SU-2026:20460-1","SUSE-SU-2026:20461-1","SUSE-SU-2026:20462-1","SUSE-SU-2026:20463-1","SUSE-SU-2026:20464-1","SUSE-SU-2026:20465-1","SUSE-SU-2026:20470-1","SUSE-SU-2026:20499-1","SUSE-SU-2026:20500-1","SUSE-SU-2026:20501-1","SUSE-SU-2026:20502-1","SUSE-SU-2026:20503-1","SUSE-SU-2026:20504-1","SUSE-SU-2026:20511-1","SUSE-SU-2026:20512-1","SUSE-SU-2026:20513-1","SUSE-SU-2026:20514-1","SUSE-SU-2026:20515-1","SUSE-SU-2026:20516-1","SUSE-SU-2026:20635-1","SUSE-SU-2026:20644-1","SUSE-SU-2026:20645-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38352.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/2c72fe18cc5f9f1750f5bc148cf1c94c29e106ff"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2f3daa04a9328220de46f0d5c919a6c0073a9f0b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/460188bc042a3f40f72d34b9f7fc6ee66b0b757b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/764a7a5dfda23f69919441f2eac2a83e7db6e5bb"},{"type":"WEB","url":"https://git.kernel.org/stable/c/78a4b8e3795b31dae58762bc091bb0f4f74a2200"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c076635b3a42771ace7d276de8dc3bc76ee2ba1b"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c29d5318708e67ac13c1b6fc1007d179fb65b4d7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f90fff1e152dedf52b932240ebbd670d83330eca"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-38352"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38352.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38352"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"},{"type":"EVIDENCE","url":"https://github.com/farazsth98/chronomaly"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0bdd2ed4138ec04e09b4f8165981efc99e439f55"},{"fixed":"78a4b8e3795b31dae58762bc091bb0f4f74a2200"},{"fixed":"c076635b3a42771ace7d276de8dc3bc76ee2ba1b"},{"fixed":"2f3daa04a9328220de46f0d5c919a6c0073a9f0b"},{"fixed":"764a7a5dfda23f69919441f2eac2a83e7db6e5bb"},{"fixed":"2c72fe18cc5f9f1750f5bc148cf1c94c29e106ff"},{"fixed":"c29d5318708e67ac13c1b6fc1007d179fb65b4d7"},{"fixed":"460188bc042a3f40f72d34b9f7fc6ee66b0b757b"},{"fixed":"f90fff1e152dedf52b932240ebbd670d83330eca"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38352.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}