CVE-2025-38352

Published Jul 22, 2025

Last updated 5 months ago

Exploit known
CVSS high 7.4
Linux Kernel
Ubuntu
Mobile device

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-38352 is a race condition in the Linux kernel's POSIX CPU timer handling, between `handle_posix_cpu_timers()` and `posix_cpu_timer_del()`. The race occurs when an exiting non-autoreaping task has already passed `exit_notify()` and calls `handle_posix_cpu_timers()` from interrupt (IRQ) context: the task can be reaped by its parent or debugger right after `unlock_task_sighand()`. A `posix_cpu_timer_del()` running concurrently at that moment cannot detect that `timer->it.cpu.firing != 0`, because `cpu_timer_task_rcu()` and/or `lock_task_sighand()` will fail. This vulnerability can be exploited to gain elevated privileges on Android devices.

Description
In the Linux kernel, the following vulnerability has been resolved:

posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()

If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand().

If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail.

Add the tsk->exit_state check into run_posix_cpu_timers() to fix this.

This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.
Source
416baaa9-dc9f-4396-8d5f-8c081fb06d67
NVD status
Analyzed
Products
linux_kernel, debian_linux

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.4
Impact score
5.9
Exploitability score
1.4
Vector string
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability
Exploit added on
Sep 4, 2025
Exploit action due
Sep 25, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-367

Social media

Hype score
Not currently trending
  1. The following vulnerabilities have been added to our feed: - CVE-2026-21509: Microsoft Office Word RCE - CVE-2025-38352: Linux Kernel LPE - 0DAY-2026-0004: SmarterMail LPE https://t.co/Nw6eZdt4CA

    @crowdfense

    16 Apr 2026

  2. CVE-2025-38352 | 6 mentions | Vendors: debian, linux | Patch | debian_linux, linux_kernel | 11[.]0, 6[.]16 VulnSocial - your risk exposure provider. https://t.co/aDXBhsibia

    @vulnsocial

    6 Mar 2026

  3. Three parts series on analyzing CVE-2025-38352, a race condition use-after-free vulnerability in the Android Linux kernel's POSIX CPU timers Part 1: https://t.co/neKegZKoow Part 2: https://t.co/4DQn0BKh3l Part 3: https://t.co/ANTGH7t1y5 Credits @farazsth98 #infosec https://t.c

    @0xor0ne

    5 Mar 2026

  4. Here are the popular articles for 2026-02-22. (Automated tweet) #Hacker_Trends ――― CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC | Faith's Blog https://t.co/FDD2nr9jKA https://t.co/OtUlSYrWnr

    @motikan2010

    23 Feb 2026

  5. CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC by @farazsth98 https://t.co/dd3BNvLTbb https://t.co/Cd5LvJjXjo

    @alexjplaskett

    22 Feb 2026

  6. 🚨 URGENT: #SUSE Kernel RT Live Patch 2 (SUSE-SU-2026:0489-1) 🚨 Four critical CVEs fixed including CVE-2025-38352 (Race Condition) & CVE-2025-40129 (Unauthenticated NFS DoS). Read more: 👉 https://t.co/a1RZQN67Nt #Security https://t.co/sSHazKwSqa

    @Cezar_H_Linux

    13 Feb 2026

  7. #Linux #VulnerabilityReport Racing the Zombie: PoC Released for Linux Kernel POSIX Timer Vulnerability (CVE-2025-38352) https://t.co/jx1WgYviK4

    @Komodosec

    30 Jan 2026

  8. CVE-2025-38352 (Part 3) - Uncovering Chronomaly : https://t.co/2boyJFx1U1 Extending The Race Window Without a Kernel Patch (Part 2) : https://t.co/JWEn4Eh8iR In-the-wild Android Kernel Vulnerability Analysis + PoC : https://t.co/WME278c957 credits @farazsth98

    @binitamshah

    26 Jan 2026

  9. PoC for CVE-2025-38352: race condition vulnerability in the Linux kernel's POSIX CPU timers implementation (@farazsth98) Part 1: https://t.co/neKegZKoow Part 2: https://t.co/4DQn0BKh3l #infosec https://t.co/0Up7zszZaU

    @0xor0ne

    22 Jan 2026

  10. Analysis of a race condition vulnerability in Linux POSIX CPU Timer Subsystem (CVE-2025-38352) https://t.co/xr5DhZYS9m Credits @streypaws #infosec https://t.co/AOz1nIO0gD

    @0xor0ne

    19 Jan 2026

  11. 🔓 Exploit CVE-2025-38352 in Android/Linux! Chronomaly targets v5.10.x kernels without specific offsets. 🚀 Get the scanner & full details on my page: https://t.co/lbqG36ZbMK #exploit #infosec #kernel #CVE202538352

    @TheExploitLab

    19 Jan 2026

  12. Article series about exploiting CVE-2025-38352 @farazsth98 posted three articles about exploiting a race condition in the implementation of POSIX CPU timers. Part 1️⃣ describes reproducing this race condition https://t.co/o6poCwfBvz [1/3]

    @linkersec

    17 Jan 2026

  13. ❗️Chronomaly: Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable Linux kernels v5.10.x. GitHub: https://t.co/upwQn77OwI https://t.co/TCiMfz7aOt

    @DarkWebInformer

    12 Jan 2026

  14. #PoC #Exploit Released for #Android/#Linux Kernel Vulnerability CVE-2025-38352 https://t.co/aLTYN7Cl4o #cve #vulnerability #CyberSecurity

    @AntonioMinnella

    10 Jan 2026

  15. Analyzing and exploiting a race condition use-after-free vulnerability in the Linux kernel's POSIX CPU timers (CVE-2025-38352) https://t.co/neKegZKoow Credits @farazsth98 #infosec #Linux

    @0xor0ne

    9 Jan 2026

  16. CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC https://t.co/XZl764veHv PoC: https://t.co/19sBp74mWC

    @HackingTeam777

    8 Jan 2026

  17. PoC exploit for critical Linux kernel flaw CVE-2025-38352 released on GitHub, enabling root privilege escalation on 32-bit Android via a use-after-free bug previously used in targeted attacks. #Linux https://t.co/J1q4Fs7tFq

    @threatcluster

    7 Jan 2026

  18. 🚨 “Chronomaly” PoC Exploit for Linux Kernel CVE-2025-38352 Enables Root on Vulnerable Android/Linux Builds A working PoC exploit dubbed “Chronomaly” targets CVE-2025-38352 (POSIX CPU timers UAF/race) to escalate privileges to root, with techniques that expand the race

    @ThreatSynop

    7 Jan 2026

  19. Linux Kernel POSIX CPU Timer vulnerability CVE-2025-38352: PoC targeting Android released https://t.co/cSpIvTPHpB

    @iototsecnews

    5 Jan 2026

  20. I'm excited to finally share Chronomaly, a kernel exploit for Android and Linux kernels 5.10.x using CVE-2025-38352. As a reminder, please patch your Android devices if you haven't already! I recommend getting some 🍿 before reading this post 👀 All links in the thread bel

    @farazsth98

    3 Jan 2026

  21. CVE-2025-38352 exploit is finished!🎉 Definitely my most complex exploit to date! 😩 I'll release the exploit with part 3 of the blog post very soon! It targets vulnerable kernels 5.10.xx, no specific devices. Finally, demo time! Don't fall asleep while watching it! 🤣 ht

    @farazsth98

    2 Jan 2026

  22. #exploit #Kernel_Security #Mobile_security CVE-2025-38352: Part 1 - https://t.co/FMzrGlrjGJ In-the-wild Android Kernel Vulnerability Analysis + PoC https://t.co/OoXEPB4JVW Part 2 - https://t.co/0GQbCIB9Cw Extending The Race Window Without a Kernel Patch ]-> Final PoC

    @ksg93rd

    29 Dec 2025

  23. CVE-2025-38352: Why the New Linux POSIX Timer Bug is the Most Dangerous Race Condition of 2025 Read the full report on - https://t.co/nrEuX00B2G https://t.co/JdCisjKvPF

    @cyberbivash

    27 Dec 2025

  24. 📝 𝐏𝐨𝐂 𝐑𝐞𝐥𝐞𝐚𝐬𝐞𝐝 𝐟𝐨𝐫 𝐋𝐢𝐧𝐮𝐱 𝐊𝐞𝐫𝐧𝐞𝐥 𝐔𝐬𝐞-𝐀𝐟𝐭𝐞𝐫-𝐅𝐫𝐞𝐞 𝐅𝐥𝐚𝐰 • A public proof-of-concept (PoC) exploit is available for CVE-2025-38352, a race condition in the

    @PurpleOps_io

    26 Dec 2025

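  25. Proof-of-concept code exploiting a race condition has been released for a flaw stemming from the Linux kernel's POSIX CPU timer handling. It is drawing attention because a zombie task collides with the freeing of a timer, triggering a reference to freed memory. The issue is CVE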

    @yousukezan

    24 Dec 2025

  26. 🛡️ PoC Exploit Released for Linux Kernel’s POSIX CPU Timers Implementation Vulnerability Source: https://t.co/S00xzhRURX A proof-of-concept (PoC) exploit has been publicly released for CVE-2025-38352, a race condition vulnerability affecting the Linux kernel’s POSIX C

    @The_Cyber_News

    23 Dec 2025

  27. Here are the popular articles for 2025-12-22. (Automated tweet) #Hacker_Trends ――― CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC | Faith's Blog https://t.co/zpOujuEJcP https://t.co/JYSeoZY9eJ

    @motikan2010

    23 Dec 2025

  28. CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC https://t.co/VwOAq4e4jh

    @securityshell

    22 Dec 2025

  29. poc-CVE-2025-38352 #exploit #scanner This is a proof of concept for CVE-2025-38352, a vulnerability in the Linux kernel's POSIX CPU timers implementation. The September 2025 Android Bulletin mentions that this vulnerability has been u... https://t.co/dhiIhIkduG

    @TheExploitLab

    22 Dec 2025

  30. GitHub - farazsth98/poc-CVE-2025-38352: This is a proof of concept for CVE-2025-38352, a vulnerability in the Linux kernel's POSIX CPU timers implementation. The September 2025 Android Bulletin mentions that this vulnerability has been used in limited, https://t.co/E9X6enlznH

    @akaclandestine

    22 Dec 2025

  31. CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC https://t.co/XZl764vMx3 PoC: https://t.co/19sBp74UMa

    @HackingTeam777

    22 Dec 2025

  32. CVE-2025-38352: In-the-wild Android Kernel Vulnerability Analysis + PoC By @farazsth98 https://t.co/pMpCIVUVbf

    @0x_shaq

    22 Dec 2025

  33. CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC | Faith's Blog - https://t.co/1tyz8mjpSG

    @piedpiper1616

    22 Dec 2025

  34. After reading @streypaws blog post on CVE-2025-38352, I ended up writing my own PoC for it. I also wrote a blog post on my approach to analyzing and recreating the PoC. Hopefully it is useful to others! See link in the reply tweet below! https://t.co/Ldt8EWsEQT

    @farazsth98

    22 Dec 2025

  35. ⚠️Vulnerabilities in Ubuntu products ❗CVE-2025-40114 ❗CVE-2025-22020 ❗CVE-2025-38352 ➡️More info: https://t.co/9iTB2KEkdu https://t.co/R5ZZTUMdXE

    @CERTpy

    13 Nov 2025

  36. #VulnerabilityReport #android Researcher Details Zero-Day Linux/Android Kernel Flaw (CVE-2025-38352) https://t.co/Be4Yi5DCJi

    @Komodosec

    8 Nov 2025

  37. Linux POSIX CPU Timer Subsystem and Android race condition vulnerability analysis (CVE-2025-38352) https://t.co/xr5DhZYS9m Credits @streypaws #nfosec https://t.co/O0NSKe0UxR

    @0xor0ne

    2 Nov 2025

  38. Patch NOW: Actively Exploited Linux/Android Kernel Zero-Day (CVE-2025-38352) Gives Attackers ROOT Access Read the full details on - https://t.co/jejLimxZDe https://t.co/3KtsEqUXDt

    @cyberbivash

    3 Oct 2025

  39. Linux POSIX CPU Timer Subsystem and vulnerability patch analysis for CVE-2025-38352 ((posix-cpu-timers TOCTOU Race condition)) https://t.co/xr5DhZYS9m Credits @streypaws #infosec #Linux https://t.co/A306jbFBcG

    @0xor0ne

    26 Sept 2025

  40. CVE-2025-38352 Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability: Linux kernel contains a time-of-check time-of-use (TOCTOU) race condition vulnerability that has a high impact on confidentiality, integrity, and availability.

    @ZeroDayFacts

    20 Sept 2025

  41. Urgent warning from Google: two “Zero-Day” vulnerabilities threaten the privacy of Android users. Google has discovered two serious software vulnerabilities in Android (CVE-2025-38352 & CVE-2025-48543) that allow hackers

    @EgyptWindowN

    13 Sept 2025

  42. 🛡️ Cyber Threat Digest – 2025-09-11 KEV: CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use NVD: CVE-2025-10231 — Incorrect File Handling Permission News: DDoS defender targeted in 1.5 Bpps… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv

    @dpharristech

    11 Sept 2025

  43. 🛡️ Cyber Threat Digest – 2025-09-09 KEV: CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use NVD: CVE-2025-22956 — OPSI before 4.3 allows News: Microsoft: Anti-spam bug blocks links in… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv

    @dpharristech

    9 Sept 2025

  44. My research on CVE-2025-38352 (posix-cpu-timers TOCTOU Race condition) which was released in @Android Sept 2025 Bulletin, covering the internals, the patch-fix, vulnerability analysis, and a demo of a PoC that caused a crash in the Android kernel. Blog: https://t.co/ses8onPxiO

    @streypaws

    9 Sept 2025

  45. 🛡️ Cyber Threat Digest – 2025-09-08 KEV: CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use NVD: CVE-2025-39727 — In the Linux kernel News: Google to make it easier to… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv

    @dpharristech

    8 Sept 2025

  46. Google has issued its September 2025 security update for Android, addressing 84 vulnerabilities, including two actively exploited zero-days: CVE-2025-38352 (elevation of privilege in the Android kernel) CVE-2025-48543 (Android Runtime bypass) Additional critical fixes include a

    @host1up

    8 Sept 2025

  47. Google has released the September Android security update, which includes fixes for a large number of vulnerabilities, and states that there are Zero-

    @cyber_thailand1

    8 Sept 2025

  48. 🔴 Google warns Android users of two serious vulnerabilities! - CVE-2025-48543 - CVE-2025-38352 https://t.co/9rdmBCVMoA #Technology #Programming #Cybersecurity #Artificial_Intelligence #Tech #Innovation #Development #Futur

    @AAlkwn46468

    7 Sept 2025

  49. 🚨 KeysGuard Alert - Sept 7 🔴 CRITICAL: • GhostRedirector APT: 65+ servers hit • HexStrike-AI weaponized • Sitecore 0-day exploited • Linux CVE-2025-38352 active 📈 AI scams +148% #CyberSecurity #ThreatIntel https://t.co/FaskCRz3ky

    @404LABSx

    7 Sept 2025

  50. 🚨 KeysGuard Alert - Sept 7 🔴 CRITICAL: • GhostRedirector APT: 65+ servers hit • HexStrike-AI weaponized • Sitecore 0-day exploited • Linux CVE-2025-38352 active 📈 AI scams +148% #CyberSecurity #ThreatIntel https://t.co/StcYi64Wf6

    @404LABSx

    7 Sept 2025

Configurations

  1. In the Linux kernel, the following vulnerability has been resolved:

     coresight: tmc-etr: Fix race condition between sysfs and perf mode

     When trying to run perf and sysfs mode simultaneously, the WARN_ON() in tmc_etr_enable_hw() is triggered sometimes:

         WARNING: CPU: 42 PID: 3911571 at drivers/hwtracing/coresight/coresight-tmc-etr.c:1060 tmc_etr_enable_hw+0xc0/0xd8 [coresight_tmc]
         [..snip..]
         Call trace:
          tmc_etr_enable_hw+0xc0/0xd8 [coresight_tmc] (P)
          tmc_enable_etr_sink+0x11c/0x250 [coresight_tmc] (L)
          tmc_enable_etr_sink+0x11c/0x250 [coresight_tmc]
          coresight_enable_path+0x1c8/0x218 [coresight]
          coresight_enable_sysfs+0xa4/0x228 [coresight]
          enable_source_store+0x58/0xa8 [coresight]
          dev_attr_store+0x20/0x40
          sysfs_kf_write+0x4c/0x68
          kernfs_fop_write_iter+0x120/0x1b8
          vfs_write+0x2c8/0x388
          ksys_write+0x74/0x108
          __arm64_sys_write+0x24/0x38
          el0_svc_common.constprop.0+0x64/0x148
          do_el0_svc+0x24/0x38
          el0_svc+0x3c/0x130
          el0t_64_sync_handler+0xc8/0xd0
          el0t_64_sync+0x1ac/0x1b0
         ---[ end trace 0000000000000000 ]---

     Since the enablement of sysfs mode is separated into two critical regions, one for sysfs buffer allocation and another for hardware enablement, it's possible to race with the perf mode. Fix this by double check whether the perf mode's been used before enabling the hardware in sysfs mode.

         mode:
         [sysfs mode]                        [perf mode]
         tmc_etr_get_sysfs_buffer()
           spin_lock(&drvdata->spinlock)
           [sysfs buffer allocation]
           spin_unlock(&drvdata->spinlock)
                                             spin_lock(&drvdata->spinlock)
                                             tmc_etr_enable_hw()
                                               drvdata->etr_buf = etr_perf->etr_buf
                                             spin_unlock(&drvdata->spinlock)
         spin_lock(&drvdata->spinlock)
         tmc_etr_enable_hw()
           WARN_ON(drvdata->etr_buf) // WARN since etr_buf initialized at the perf side
         spin_unlock(&drvdata->spinlock)

     With this fix, we retain the check for CS_MODE_PERF in get_etr_sysfs_buf. This ensures we verify whether the perf mode's already running before we actually allocate the buffer. Then we can save the time of allocating/freeing the sysfs buffer if race with the perf mode.

     CVE-2026-46272