AI description
CVE-2025-38352 is a vulnerability that exists in the Linux kernel, specifically within the handling of POSIX CPU timers. The vulnerability stems from a race condition between `handle_posix_cpu_timers()` and `posix_cpu_timer_del()`. This race condition can occur when a non-autoreaping task that is exiting has already passed `exit_notify()` and calls `handle_posix_cpu_timers()` from an interrupt request (IRQ). If a concurrent `posix_cpu_timer_del()` runs at the same time, it might not detect that `timer->it.cpu.firing != 0`, which can cause `cpu_timer_task_rcu()` and/or `lock_task_sighand()` to fail. This vulnerability can be exploited to gain elevated privileges on Android devices.
- Description
- In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.
- Source
- 416baaa9-dc9f-4396-8d5f-8c081fb06d67
- NVD status
- Analyzed
- Products
- linux_kernel
CVSS 3.1
- Type
- Secondary
- Base score
- 7.4
- Impact score
- 5.9
- Exploitability score
- 1.4
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability
- Exploit added on
- Sep 4, 2025
- Exploit action due
- Sep 25, 2025
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-367
- Hype score
- Not currently trending
Deux failles de sécurité ont été corrigées par Google dans le patch de sécurité Android de septembre 2025. CVE-2025-38352 : Cette faille affecte le noyau Linux au cœur d'Android. CVE-2025-48543 : Cette autre faille concerne l'Android Runtime; l'exécution de Java et Kot
@mostefaouismail
7 Sept 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Cyber Threat Digest – 2025-09-07 KEV: CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use NVD: CVE-2025-10034 — vulnerability was found in News: VirusTotal finds hidden malware phishing campaign… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv
@dpharristech
7 Sept 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ Cyber Threat Digest – 2025-09-06 KEV: CVE-2025-38352 — Linux Kernel Time-of-Check Time-of-Use NVD: CVE-2025-10011 — weakness has been identified News: Microsoft now enforces MFA on Azure… #cybersecurity #infosec #CVE More: https://t.co/J1fpKfnDnv
@dpharristech
6 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2025-38352
@transilienceai
6 Sept 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
In September 2025, Google released a significant Android security update addressing 84 vulnerabilities, including two actively exploited zero-day flaws: CVE-2025-38352 (an elevation of privilege flaw in the Android kernel) and CVE-2025-48543 .
@pdrajeev_11
5 Sept 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🛡️ We added Linux kernel, Android runtime, and Sitecore vulnerabilities CVE-2025-38352, CVE-2025-48543, & CVE-2025-53690 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/dlW52McD9e & apply mitigations to protect your org from cyberattacks. #Cybersec
@sirjameshackz
4 Sept 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google、現在悪用されているAndroidの脆弱性(CVE-2025-48543、CVE-2025-38352)を修正 Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352) #HelpNetSecurity (Sep 4) https://t.co/gnuc8B9nNh
@foxbook
4 Sept 2025
280 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-38352 #Linux #Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability https://t.co/fOYCHvvIbn
@ScyScan
4 Sept 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Linux kernel, Android runtime, and Sitecore vulnerabilities CVE-2025-38352, CVE-2025-48543, & CVE-2025-53690 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersec
@CISACyber
4 Sept 2025
4781 Impressions
17 Retweets
34 Likes
7 Bookmarks
5 Replies
0 Quotes
Google fixes actively exploited Android vulnerabilities (CVE-2025-48543, CVE-2025-38352) https://t.co/EN2VOkTnbV #HelpNetSecurity #Cybersecurity https://t.co/Ft7YeNtjYB
@PoseidonTPA
4 Sept 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Google fixes actively exploited #Android vulnerabilities (#CVE-2025-48543, CVE-2025-38352) https://t.co/4NnZRXIkgF
@ScyScan
4 Sept 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google released September Android fixes for 100+ flaws, including CVE-2025-48543 and CVE-2025-38352 under targeted exploitation. Critical CVE-2025-48539 allows adjacent RCE. Updates shipped for Pixel and Samsung; Motorola patched 48543 only.
@oxhak
4 Sept 2025
54 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
#Google fixes actively exploited #Android vulnerabilities (CVE-2025-48543, CVE-2025-38352) https://t.co/Jfj55nUUyq https://t.co/0m2pTnSBKp
@evanderburg
4 Sept 2025
109 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google's September Android security update fixes 84 vulnerabilities, including two zero-day flaws actively exploited (CVE-2025-38352 in the kernel and CVE-2025-48543 in Android Runtime) and four critical RCE flaws in System and Qualcomm components. Keep your devices updated!
@bigmacd16684
4 Sept 2025
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google rolled out September 2025 security updates, fixing 120 vulnerabilities in #Android, including two privilege escalation flaws (CVE-2025-38352 in Kernel and CVE-2025-48543 in Runtime) actively exploited in targeted attacks w/ no user interaction needed.
@SentinelLinkHQ
4 Sept 2025
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️脅威アクターがXのGrok AIを悪用し、有害なリンクを拡散 🔨Androidセキュリティアラート:Google、攻撃を受けたゼロデイ脆弱性2件を含む120件の脆弱性を修正(CVE-2025-38352、CVE-2025-48543他) 〜サイバーアラー
@MachinaRecord
4 Sept 2025
154 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Androidが月次セキュリティ更新を配信。今年最多となる120件の修正を含む。LinuxカーネルのCVE-2025-38352とAndroidランタイム環境のCVE-2025-48543は既に限定的範囲で標的型攻撃に使用されている。攻撃者名は記載され
@__kokumoto
3 Sept 2025
1363 Impressions
4 Retweets
11 Likes
0 Bookmarks
0 Replies
1 Quote
🚨BREKAING: Android Security Alert: Google’s September update patches 120 vulnerabilities, including two zero-days already exploited in targeted attacks. ⚠️ CVE-2025-38352 — Linux Kernel flaw (privilege escalation, CVSS 7.4) ⚠️ CVE-2025-48543 — Android Runtime fl
@BreachTrends
3 Sept 2025
167 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Google’s September 2025 Android update fixes 84 vulnerabilities, including two zero-day exploits CVE-2025-38352 and CVE-2025-48543 affecting Android 13-16, Qualcomm chips, and some Samsung devices. #AndroidUpdate #QualcommFix #USA https://t.co/ikEY94PTnq
@TweetThreatNews
3 Sept 2025
184 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 قامت جوجل بإرسال تحديثات أمان في سبتمبر 2025 لسد 120 ثغرة في نظام أندرويد، بما في ذلك ثغرتين تم استغلالهما في هجمات مستهدفة. تشمل الثغرات CVE-2025-38352، وهي ضعف
@Cybercachear
3 Sept 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Android Security Bulletin - September 2025 https://t.co/l6BgTvIgm2 Exploited ITW: (CVE-2025-38352)[425282960][posix-cpu-timers]Race condition between handle_posix_cpu_timers() and posix_cpu_timer_del() https://t.co/thsIxGfF9j (CVE-2025-48543)[421834866][Android Runtime]
@xvonfers
3 Sept 2025
2808 Impressions
10 Retweets
39 Likes
13 Bookmarks
1 Reply
1 Quote
SIOSセキュリティブログを更新しました。 Linux Kernelの脆弱性(CVE-2025-38091〜CVE-2025-38352) #security #vulnerability #セキュリティ #脆弱性 #linux #kernel https://t.co/NhF4RsHtRy
@omokazuki
23 Jul 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-38352 Race Condition in Linux Kernel Posix CPU Timers Handling Mechanism https://t.co/bGqFFzNVDa
@VulmonFeeds
22 Jul 2025
16 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-38352 In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exi… https://t.co/aoA38NrfFb
@CVEnew
22 Jul 2025
160 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA6F945B-F2BB-4787-B4AD-104604AAF325",
"versionEndExcluding": "5.4.295",
"versionStartIncluding": "2.6.36"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3D14F4C-A21E-465D-A928-5CCE684E2B98",
"versionEndExcluding": "5.10.239",
"versionStartIncluding": "5.5"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D96F2C0D-0D4A-4658-AD34-D8A626EA422D",
"versionEndExcluding": "5.15.186",
"versionStartIncluding": "5.11"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "459B4E94-FE0E-434D-B782-95E3A5FFC6B1",
"versionEndExcluding": "6.1.142",
"versionStartIncluding": "5.16"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "304E3F01-7D7A-4908-994E-7F95C5C00B06",
"versionEndExcluding": "6.6.94",
"versionStartIncluding": "6.2"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4FFA54AA-CDFE-4591-BD07-72813D0948F4",
"versionEndExcluding": "6.12.34",
"versionStartIncluding": "6.7"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0541C761-BD5E-4C1A-8432-83B375D7EB92",
"versionEndExcluding": "6.15.3",
"versionStartIncluding": "6.13"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:6.16:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D4894DB-CCFE-4602-B1BF-3960B2E19A01"
}
],
"operator": "OR"
}
]
}
]