Vulnerability in Linux
CVE-2025-38352
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls hand…
EPSS: 0.001 (33.1th percentile) — read the EPSS interpretation.
Affected products
- Linux — versions 0bdd2ed4138ec04e09b4f8165981efc99e439f55, 2.6.36, 0
CISA KEV (Known Exploited Vulnerabilities)
This CVE is on the CISA KEV catalog, added on . CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate within a published due date.
BOD 22-01 due date: .
Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Public proof-of-concept exploits
References
- git.kernel.org/stable/c/78a4b8e3795b31dae58762bc091bb0f4f74a2200
- git.kernel.org/stable/c/c076635b3a42771ace7d276de8dc3bc76ee2ba1b
- git.kernel.org/stable/c/2f3daa04a9328220de46f0d5c919a6c0073a9f0b
- git.kernel.org/stable/c/764a7a5dfda23f69919441f2eac2a83e7db6e5bb
- git.kernel.org/stable/c/2c72fe18cc5f9f1750f5bc148cf1c94c29e106ff
- git.kernel.org/stable/c/c29d5318708e67ac13c1b6fc1007d179fb65b4d7
- git.kernel.org/stable/c/460188bc042a3f40f72d34b9f7fc6ee66b0b757b
- git.kernel.org/stable/c/f90fff1e152dedf52b932240ebbd670d83330eca
Frequently asked questions
- What is CVE-2025-38352?
- CVE-2025-38352 is a vulnerability in Linux. Published 2025-07-22.
- Is CVE-2025-38352 known to be exploited?
- Yes. CVE-2025-38352 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2025-09-04), indicating it is being actively exploited. 12 public proof-of-concept repositories are indexed.