Race Condition in Linux Kernel Affecting CPU Timer Handling
CVE-2025-38352
What is CVE-2025-38352?
A race condition has been identified in the Linux kernel's handling of POSIX CPU timers. When a non-autoreaping task has reached exit_notify() and subsequently calls handle_posix_cpu_timers() from interrupt (IRQ) context, it may be reaped by its parent or debugger immediately after the task's signal-handler lock is released. If posix_cpu_timer_del() runs concurrently during this window, it fails to detect active timers correctly because of improper state handling. The fix adds a check of the task's exit state to the run_posix_cpu_timers() function. This check makes task state handling more robust and prevents the race, especially where CONFIG_POSIX_CPU_TIMERS_TASK_WORK is not enabled.
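A defender's check for the configuration named above, as an added example that is not part of the original advisory or the kernel project: the script reports whether CONFIG_POSIX_CPU_TIMERS_TASK_WORK is set in a kernel config file. The function names, the locations tried (/proc/config.gz and /boot/config-<release>) and the treatment of an absent option as disabled are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the advisory): report how a kernel config file
# sets the option the advisory names.
OPT=CONFIG_POSIX_CPU_TIMERS_TASK_WORK

# Print the config text; handles gzip files such as /proc/config.gz.
read_config() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# task_work_state FILE -> prints enabled | disabled | unknown
#   enabled  : the file contains "CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y"
#   disabled : the file is a kernel config but the option is "not set" or
#              absent (assumption: kconfig omits options it cannot enable)
#   unknown  : the file is missing, unreadable, or not a kernel config
task_work_state() {
    [ -r "$1" ] || { echo unknown; return 0; }
    cfg=$(read_config "$1" 2>/dev/null) || { echo unknown; return 0; }
    if printf '%s\n' "$cfg" | grep -q "^${OPT}=y\$"; then
        echo enabled
    elif printf '%s\n' "$cfg" | grep -q '^CONFIG_'; then
        echo disabled
    else
        echo unknown
    fi
}

# Print the first readable config for the running kernel (assumed locations).
find_running_config() {
    for f in /proc/config.gz "/boot/config-$(uname -r)"; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# Usage: sh check.sh FILE       check a specific config file
#        sh check.sh --running  check the running kernel's config
if [ "$#" -ge 1 ]; then
    if [ "$1" = "--running" ]; then
        path=$(find_running_config) || path=""
    else
        path=$1
    fi
    echo "${OPT}: $(task_work_state "$path")"
fi
```

A result of disabled does not say whether the kernel carries the fix; it only identifies the configuration the advisory singles out.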
Affected Version(s)
Linux 0bdd2ed4138ec04e09b4f8165981efc99e439f55 < 78a4b8e3795b31dae58762bc091bb0f4f74a2200
Linux 0bdd2ed4138ec04e09b4f8165981efc99e439f55
Linux 0bdd2ed4138ec04e09b4f8165981efc99e439f55 < 2f3daa04a9328220de46f0d5c919a6c0073a9f0b