CVE-2025-38352

Name: CVE-2025-38352
Creator: NVD / NIST
Published: 2025-07-22T08:15:23.577+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.4/10Actively ExploitedEPSS 1.34%

Last modified Jun 17, 2026

CVE-2025-38352 is a high-severity vulnerability rated 7.4/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.. CISA has confirmed active exploitation in the wild. EPSS estimates a 1.34% chance of exploitation in the next 30 days.

Description

In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.

Metrics

CVSS 3.1

7.4/10

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.34%

67.8th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Sep 25, 2025.

Weakness Enumeration

CWE-367

Affected Software

Vendor	Product	Versions	Update
Linux	Linux Kernel	>= 2.6.36, < 5.4.295	—
Linux	Linux Kernel	>= 5.5, < 5.10.239	—
Linux	Linux Kernel	>= 5.11, < 5.15.186	—
Linux	Linux Kernel	>= 5.16, < 6.1.142	—
Linux	Linux Kernel	>= 6.2, < 6.6.94	—
Linux	Linux Kernel	>= 6.7, < 6.12.34	—
Linux	Linux Kernel	>= 6.13, < 6.15.3	—
Linux	Linux Kernel	6.16	Rc1
Debian	Debian Linux	11.0	—

References

https://git.kernel.org/stable/c/2c72fe18cc5f9f1750f5bc148cf1c94c29e106ffPatch
https://git.kernel.org/stable/c/2f3daa04a9328220de46f0d5c919a6c0073a9f0bPatch
https://git.kernel.org/stable/c/460188bc042a3f40f72d34b9f7fc6ee66b0b757bPatch
https://git.kernel.org/stable/c/764a7a5dfda23f69919441f2eac2a83e7db6e5bbPatch
https://git.kernel.org/stable/c/78a4b8e3795b31dae58762bc091bb0f4f74a2200Patch
https://git.kernel.org/stable/c/c076635b3a42771ace7d276de8dc3bc76ee2ba1bPatch
https://git.kernel.org/stable/c/c29d5318708e67ac13c1b6fc1007d179fb65b4d7Patch
https://git.kernel.org/stable/c/f90fff1e152dedf52b932240ebbd670d83330ecaPatch
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.htmlMailing List, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.htmlMailing List, Third Party Advisory
https://github.com/farazsth98/chronomalyExploit
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-38352US Government Resource

Timeline

Published: Jul 22, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-38352?

How severe is CVE-2025-38352?

CVE-2025-38352 has a CVSS score of 7.4/10 (HIGH severity). The EPSS model estimates a 1.34% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2025-38352?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-38352?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST