cve-2025-38352
About this tag
CVE-2025-38352 is a high-impact local vulnerability in the Linux kernel's POSIX CPU timer handling, caused by a subtle race condition. The flaw could lead to incorrect timer deletion behavior, hangs, or crashes in pathological workloads, posing an availability and stability risk. A fix was accepted upstream in July 2025, and operators are urged to apply vendor patches or backports immediately. The vulnerability was also added to CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation and requiring urgent remediation under BOD 22-01. Discussions on WindowsForum cover the technical details of the race condition, the upstream fix, and the broader implications for enterprise IT security.
A subtle race in the Linux kernel’s POSIX CPU timer handling — tracked as CVE-2025-38352 — was fixed upstream in July 2025 after maintainers accepted a small, surgical change that prevents an exiting task from being reaped while POSIX CPU timer expiry handling is in flight. The flaw could lead...
CISA’s latest update to the Known Exploited Vulnerabilities (KEV) Catalog adds three actively exploited flaws — a Linux kernel TOCTOU race condition, an Android Runtime issue, and a high‑impact Sitecore deserialization vulnerability — forcing organizations that track KEV and federal agencies...