CVE-2025-38352

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()<br /> <br /> If an exiting non-autoreaping task has already passed exit_notify() and<br /> calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent<br /> or debugger right after unlock_task_sighand().<br /> <br /> If a concurrent posix_cpu_timer_del() runs at that moment, it won&amp;#39;t be<br /> able to detect timer-&gt;it.cpu.firing != 0: cpu_timer_task_rcu() and/or<br /> lock_task_sighand() will fail.<br /> <br /> Add the tsk-&gt;exit_state check into run_posix_cpu_timers() to fix this.<br /> <br /> This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because<br /> exit_task_work() is called before exit_notify(). But the check still<br /> makes sense, task_work_add(&amp;tsk-&gt;posix_cputimers_work.work) will fail<br /> anyway in this case.