CVE-2025-38352

Description

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.

Reserved 2025-04-16 | Published 2025-07-22 | Updated 2025-07-22 | Assigner Linux

Product status

Default status
unaffected

0bdd2ed4138ec04e09b4f8165981efc99e439f55 before 78a4b8e3795b31dae58762bc091bb0f4f74a2200
affected

0bdd2ed4138ec04e09b4f8165981efc99e439f55 before c076635b3a42771ace7d276de8dc3bc76ee2ba1b
affected

0bdd2ed4138ec04e09b4f8165981efc99e439f55 before 2f3daa04a9328220de46f0d5c919a6c0073a9f0b
affected

0bdd2ed4138ec04e09b4f8165981efc99e439f55 before 764a7a5dfda23f69919441f2eac2a83e7db6e5bb
affected

0bdd2ed4138ec04e09b4f8165981efc99e439f55 before 2c72fe18cc5f9f1750f5bc148cf1c94c29e106ff
affected

0bdd2ed4138ec04e09b4f8165981efc99e439f55 before c29d5318708e67ac13c1b6fc1007d179fb65b4d7
affected

0bdd2ed4138ec04e09b4f8165981efc99e439f55 before 460188bc042a3f40f72d34b9f7fc6ee66b0b757b
affected

0bdd2ed4138ec04e09b4f8165981efc99e439f55 before f90fff1e152dedf52b932240ebbd670d83330eca
affected

Default status
affected

2.6.36
affected

Any version before 2.6.36
unaffected

5.4.295
unaffected

5.10.239
unaffected

5.15.186
unaffected

6.1.142
unaffected

6.6.94
unaffected

6.12.34
unaffected

6.15.3
unaffected

6.16-rc2
unaffected

References

git.kernel.org/...c/78a4b8e3795b31dae58762bc091bb0f4f74a2200

git.kernel.org/...c/c076635b3a42771ace7d276de8dc3bc76ee2ba1b

git.kernel.org/...c/2f3daa04a9328220de46f0d5c919a6c0073a9f0b

git.kernel.org/...c/764a7a5dfda23f69919441f2eac2a83e7db6e5bb

git.kernel.org/...c/2c72fe18cc5f9f1750f5bc148cf1c94c29e106ff

git.kernel.org/...c/c29d5318708e67ac13c1b6fc1007d179fb65b4d7

git.kernel.org/...c/460188bc042a3f40f72d34b9f7fc6ee66b0b757b

git.kernel.org/...c/f90fff1e152dedf52b932240ebbd670d83330eca

cve.org (CVE-2025-38352)

nvd.nist.gov (CVE-2025-38352)

Download JSON