DEBIAN-CVE-2025-38352
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | linux-6.1 | *, *, 6.1.148-1 |
| Debian:12 | linux | 6.1.119-1, 6.1.123-1, 6.1.124-1 |
| Debian:14 | linux | 0, 0 |
| Debian:13 | linux | 0, 0 |
| Debian:11 | linux | 5.10.178-1, 0, 5.10.103-1 |
Exploit Intelligence
- CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG. (github-poc)
- CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG. (github-poc-repo)
- Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable x86_64 Linux kernels v5.10.x. (github-poc-repo)
- This is a proof of concept for CVE-2025-38352, a vulnerability in the Linux kernel's POSIX CPU timers implementation. The September 2025 Android Bulletin mentions that this vulnerability has been used in limited, targeted exploitation in the wild. (github-poc-repo)
- Crime2/poc-CVE-2025-38352 (github-poc-repo)
- The official Sentinel Edition v7.11 - Hypervisor Detection & Kernel Memory Audit Suite for Honor Magic V2. Investigating CVE-2025-38352 and EL2 RKP defenses. (github-poc-repo)
- The official Sentinel Edition v7.11 - Hypervisor Detection & Kernel Memory Audit Suite for Honor Magic V2. Investigating CVE-2025-38352 and EL2 RKP defenses. (github-poc)
- Crime2/poc-CVE-2025-38352 (github-poc)
- Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable x86_64 Linux kernels v5.10.x. (github-poc)
- This is a proof of concept for CVE-2025-38352, a vulnerability in the Linux kernel's POSIX CPU timers implementation. The September 2025 Android Bulletin mentions that this vulnerability has been used in limited, targeted exploitation in the wild. (github-poc)
…and 7 more exploits
Timeline
- Jul 22, 2025 CVE Published
- Apr 28, 2026 CVE Updated