VDB
ASB-A-425282960
PUBLISHED
CVSS 8.6 HIGH
In run_posix_cpu_timers of posix-cpu-timers.c, there is a possible way to trigger a use-after-free on a sigqueue object due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS 4.0
8.6
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | :linux_kernel: | :0, Kernel, :0 |
Exploit Intelligence
- CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG. (github-poc)
- CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG. (github-poc-repo)
- Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable x86_64 Linux kernels v5.10.x. (github-poc-repo)
- This is a proof of concept for CVE-2025-38352, a vulnerability in the Linux kernel's POSIX CPU timers implementation. The September 2025 Android Bulletin mentions that this vulnerability has been used in limited, targeted exploitation in the wild. (github-poc-repo)
- Crime2/poc-CVE-2025-38352 (github-poc-repo)
- The official Sentinel Edition v7.11 - Hypervisor Detection & Kernel Memory Audit Suite for Honor Magic V2. Investigating CVE-2025-38352 and EL2 RKP defenses. (github-poc-repo)
- The official Sentinel Edition v7.11 - Hypervisor Detection & Kernel Memory Audit Suite for Honor Magic V2. Investigating CVE-2025-38352 and EL2 RKP defenses. (github-poc)
- Crime2/poc-CVE-2025-38352 (github-poc)
- Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable x86_64 Linux kernels v5.10.x. (github-poc)
- This is a proof of concept for CVE-2025-38352, a vulnerability in the Linux kernel's POSIX CPU timers implementation. The September 2025 Android Bulletin mentions that this vulnerability has been used in limited, targeted exploitation in the wild. (github-poc)
…and 7 more exploits
Timeline
- Sep 1, 2025 CVE Published
- May 15, 2026 CVE Updated