SA-2025-105 - Linux POSIX CPU Timers Race Conditio... - Extreme Networks

Summary

A race condition in the Linux kernel’s POSIX CPU timers may allow a local, unprivileged attacker to trigger a privilege escalation. The flaw arises from improper synchronization when a process exits while CPU timers are being deleted. By exploiting this timing gap, an attacker can gain elevated privileges. The vulnerability impacts kernel versions where POSIX CPU timer handling lacks sufficient locking.

Products Potentially Affected

OS/Product	Exposure
ExtremeCloud IQ - Site Engine (XIQ-SE)	Yes

Repair Recommendations

ExtremeCloud IQ - Site Engine (XIQ-SE):

Fixed in 25.08.12 or later.

Please see the full Security Advisory article here for more details and future updates.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Extreme Networks

SA-2025-105 - Linux POSIX CPU Timers Race Condition (CVE-2025-38352)

SA-2023-047 - Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Leaking fr

SA-2023-107 - libcurl cookie injection with none file (CVE-2023-38546)

SA-2023-106 - SOCKS5 heap buffer overflow (CVE-2023-38545)