PT-2025-30384 · Linux +8 · Linux Kernel +8

Published 2025-07-22 · Updated 2025-09-27 · CVE-2025-38352

CVSS v3.1: 7.4

Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions**

Linux kernel versions prior to 6.1.147-1

Linux kernel versions prior to 6.6.101

**Description**

The Linux kernel contains a time-of-check time-of-use (TOCTOU) race condition vulnerability in the `posix-cpu-timers` subsystem. This flaw is present in the `handle_posix_cpu_timers()` and `posix_cpu_timer_del()` functions. The vulnerability occurs when these functions run concurrently on an exiting task, potentially leading to a use-after-free scenario. Exploitation of this vulnerability could allow a local attacker to escalate privileges or cause a system crash. This vulnerability is actively exploited.

**Recommendations**

Upgrade the Linux kernel to version 6.1.147-1 or later.

Upgrade the Linux kernel to version 6.6.101 or later.

Fix

**Weakness Enumeration**

Time Of Check To Time Of Use

Race Condition

**Related Identifiers**

ALSA-2025:15471
ALSA-2025:15472
ALSA-2025:15661
ALSA-2025:15662
ASB-A-425282960
BDU:2025-10870
CESA-2025_15471
CESA-2025_15472
CESA-2025_15921
CVE-2025-38352
DSA-5973-1
ECHO-11F2-D185-A1F8
INFSA-2025_15471
INFSA-2025_15472
INFSA-2025_15661
MGASA-2025-0218
MGASA-2025-0219
OESA-2025-2002
OESA-2025-2003
OESA-2025-2004
OESA-2025-2005
OESA-2025-2006
RHSA-2025:15662
RHSA-2025_15471
RHSA-2025_15472
RHSA-2025_15661
SUSE-SU-2025:02853-1
SUSE-SU-2025:02923-1
SUSE-SU-2025:02969-1
SUSE-SU-2025:03023-1
SUSE-SU-2025:03283-1
SUSE-SU-2025:03314-1
SUSE-SU-2025_02853-1
SUSE-SU-2025_02969-1
USN-7769-1
USN-7769-2
USN-7770-1
USN-7771-1
USN-7774-1
USN-7774-2
USN-7774-3
USN-7775-1
USN-7776-1

**Affected Products**

Astra Linux
CentOS
Debian
Linux Mint
Linux Kernel
Red Hat
RED OS
SUSE
Ubuntu