ACK: [SRU][N][PATCH 0/1] CVE-2025-38352
Alessio Faina
alessio.faina at canonical.com
Thu Sep 18 07:14:09 UTC 2025
On Wed, Sep 17, 2025 at 06:38:37PM +0200, Massimiliano Pellizzer wrote:
> [ Impact ]
>
> posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
>
> If an exiting non-autoreaping task has already passed exit_notify() and
> calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent
> or debugger right after unlock_task_sighand().
>
> If a concurrent posix_cpu_timer_del() runs at that moment, it won't be
> able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or
> lock_task_sighand() will fail.
>
> Add the tsk->exit_state check into run_posix_cpu_timers() to fix this.
>
> [ Fix ]
>
> Plucky: Fixed through upstream stable updates (LP: #2119603)
> Noble: Cherry picked the fix commit from upstream
> Jammy: Fixed through upstream stable updates (LP: #2116904)
>
> [ Test Plan ]
>
> Compile tested only.
>
> [ Regression Potential ]
>
> A regression here is unlikely due to the very limited scope
> of the patch.
>
>
> Oleg Nesterov (1):
>   posix-cpu-timers: fix race between handle_posix_cpu_timers() and
>     posix_cpu_timer_del()
>
>  kernel/time/posix-cpu-timers.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
>
> --
> 2.48.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Acked-by: Alessio Faina <alessio.faina at canonical.com>