APPLIED: [SRU][N][PATCH 0/1] CVE-2025-38352

Edoardo Canepa edoardo.canepa at canonical.com
Fri Oct 10 10:55:11 UTC 2025


Applied to noble/master-next. Thanks.

On 9/17/25 18:38, Massimiliano Pellizzer wrote:
> [ Impact ]
>
> posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
>
> If an exiting non-autoreaping task has already passed exit_notify() and
> calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent
> or debugger right after unlock_task_sighand().
>
> If a concurrent posix_cpu_timer_del() runs at that moment, it won't be
> able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or
> lock_task_sighand() will fail.
>
> Add the tsk->exit_state check into run_posix_cpu_timers() to fix this.
>
> [ Fix ]
>
> Plucky: Fixed through upstream stable updates (LP: #2119603)
> Noble: Cherry picked the fix commit from upstream
> Jammy: Fixed through upstream stable updates (LP: #2116904)
>
> [ Test Plan ]
>
> Compile tested only.
>
> [ Regression Potential ]
>
> A regression here is unlikely due to the very limited scope
> of the patch.
>
>
> Oleg Nesterov (1):
>    posix-cpu-timers: fix race between handle_posix_cpu_timers() and
>      posix_cpu_timer_del()
>
>   kernel/time/posix-cpu-timers.c | 9 +++++++++
>   1 file changed, 9 insertions(+)
>