PT-2025-30384 · Linux +9 · Linux Kernel +9

Published 2025-07-22 · Updated 2025-11-01 · CVE-2025-38352

CVSS v3.1: 7.4
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.1.147-1
Linux kernel versions prior to 6.6.101

Description

The Linux kernel contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the posix-cpu-timers subsystem. This flaw is present in the handle_posix_cpu_timers() and posix_cpu_timer_del() functions. The vulnerability occurs when these functions run concurrently on an exiting task, potentially leading to a use-after-free scenario. Exploitation of this vulnerability could allow a local attacker to escalate privileges or cause a system crash. This vulnerability is actively exploited.

Recommendations

Upgrade the Linux kernel to version 6.1.147-1 or later.
Upgrade the Linux kernel to version 6.6.101 or later.

Fix

Race Condition

Time Of Check To Time Of Use

Weakness Enumeration

Related Identifiers

ALSA-2025:15471
ALSA-2025:15472
ALSA-2025:15661
ALSA-2025:15662
ASB-A-425282960
BDU:2025-10870
CESA-2025_15471
CESA-2025_15472
CESA-2025_15921
CVE-2025-38352
DSA-5973-1
ECHO-11F2-D185-A1F8
INFSA-2025_15471
INFSA-2025_15472
INFSA-2025_15661
MGASA-2025-0218
MGASA-2025-0219
OESA-2025-2002
OESA-2025-2003
OESA-2025-2004
OESA-2025-2005
OESA-2025-2006
RHSA-2025:15662
RHSA-2025_15471
RHSA-2025_15472
RHSA-2025_15661
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:03283-1
SUSE-SU-2025:03314-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
USN-7769-1
USN-7769-2
USN-7769-3
USN-7770-1
USN-7771-1
USN-7774-1
USN-7774-2
USN-7774-3
USN-7774-4
USN-7774-5
USN-7775-1
USN-7775-2
USN-7775-3
USN-7776-1
USN-7789-1
USN-7789-2
USN-7853-1
USN-7854-1

Affected Products

AlmaLinux
Astra Linux
CentOS
Debian
Linux Mint
Linux Kernel
Red Hat
RED OS
SUSE
Ubuntu