Fixed
Created: Jul 22, 2025
Updated: Aug 28, 2025
Resolved Date: Aug 28, 2025
Found In Version: 10.22.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 22
Component/s: Kernel
In the Linux kernel, the following vulnerability has been resolved:EOL][EOL]posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()[EOL][EOL]If an exiting non-autoreaping task has already passed exit_notify() and[EOL]calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent[EOL]or debugger right after unlock_task_sighand().[EOL][EOL]If a concurrent posix_cpu_timer_del() runs at that moment, it won't be[EOL]able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or[EOL]lock_task_sighand() will fail.[EOL][EOL]Add the tsk->exit_state check into run_posix_cpu_timers() to fix this.[EOL][EOL]This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because[EOL]exit_task_work() is called before exit_notify(). But the check still[EOL]makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail[EOL]anyway in this case.
CREATE(Triage):(User=admin) [CVE-2025-38352 (https://nvd.nist.gov/vuln/detail/CVE-2025-38352)
