CVE-2025-38352 · CISA KEV: Actively Exploited

Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability

Published Sep 4, 2025 · Updated Sep 4, 2025

Description

The Linux kernel contains a time-of-check time-of-use (TOCTOU) race condition vulnerability that has a high impact on confidentiality, integrity, and availability.

Public Exploits & PoCs (6 found)

PoC: chronomaly

Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable Linux kernels v5.10.x.

PoC: chronomaly-webos

CVE-2025-38352 kernel exploit for LG webOS Smart TVs (ARM64). Achieves persistent root on real consumer hardware with novel exploitation techniques. Responsibly disclosed to LG.

PoC: Elysium-Vanguard-Sentinel-Audit

The official Sentinel Edition v7.11 - Hypervisor Detection & Kernel Memory Audit Suite for Honor Magic V2. Investigating CVE-2025-38352 and EL2 RKP defenses.

PoC: soikoth3010.github.io

🚀 Exploit the Android/Linux kernel using CVE-2025-38352 with Chronomaly, designed for vulnerable v5.10.x kernels without needing specific offsets.

PoC: poc-CVE-2025-38352

This is a proof of concept for CVE-2025-38352, a vulnerability in the Linux kernel's POSIX CPU timers implementation. The September 2025 Android Bulletin mentions that this vulnerability has been used in limited, targeted exploitation in the wild.

PoC: chronomaly

🛠️ Exploit the CVE-2025-38352 vulnerability in the Android/Linux kernel with Chronomaly, designed for efficient use on vulnerable v5.10.x kernels.
