目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2025-38352 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent or debugger right after unlock_task_sighand(). If a concurrent posix_cpu_timer_del() runs at that moment, it won't be able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or lock_task_sighand() will fail. Add the tsk->exit_state check into run_posix_cpu_timers() to fix this. This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because exit_task_work() is called before exit_notify(). But the check still makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail anyway in this case.
来源: 美国国家漏洞数据库 NVD
CVSS Information
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
N/A
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Linux kernel 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Linux kernel是美国Linux基金会的开源操作系统Linux所使用的内核。 Linux kernel存在安全漏洞,该漏洞源于posix-cpu-timers和posix_cpu_timer_del之间存在竞争条件,可能导致任务被错误回收。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD
受影响产品
厂商产品影响版本CPE订阅
LinuxLinux 0bdd2ed4138ec04e09b4f8165981efc99e439f55 ~ 78a4b8e3795b31dae58762bc091bb0f4f74a2200 -
LinuxLinux 2.6.36 -
二、漏洞 CVE-2025-38352 的公开POC
#POC 描述源链接神龙链接
1This is a proof of concept for CVE-2025-38352, a vulnerability in the Linux kernel's POSIX CPU timers implementation. The September 2025 Android Bulletin mentions that this vulnerability has been used in limited, targeted exploitation in the wild.https://github.com/farazsth98/poc-CVE-2025-38352POC详情
2Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable Linux kernels v5.10.x.https://github.com/farazsth98/chronomalyPOC详情
3Nonehttps://github.com/Crime2/poc-CVE-2025-38352POC详情
4🛠️ Exploit the CVE-2025-38352 vulnerability in the Android/Linux kernel with Chronomaly, designed for efficient use on vulnerable v5.10.x kernels.https://github.com/Soikoth3010/chronomalyPOC详情
5🚀 Exploit the Android/Linux kernel using CVE-2025-38352 with Chronomaly, designed for vulnerable v5.10.x kernels without needing specific offsets.https://github.com/Soikoth3010/soikoth3010.github.ioPOC详情
6The official Sentinel Edition v7.11 - Hypervisor Detection & Kernel Memory Audit Suite for Honor Magic V2. Investigating CVE-2025-38352 and EL2 RKP defenses.https://github.com/jordelmir/Elysium-Vanguard-Sentinel-AuditPOC详情
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC
三、漏洞 CVE-2025-38352 的情报信息
Please 登录 to view more intelligence information
IV. Related Vulnerabilities
Same product: Linux
Same vendor: Linux
V. Comments for CVE-2025-38352
匿名用户
2026-01-15 06:09:53

Zaproxy alias impedit expedita quisquam pariatur exercitationem. Nemo rerum eveniet dolores rem quia dignissimos.

发表评论