A critical race condition vulnerability in the Linux kernel’s POSIX CPU timers has been exposed through a detailed proof-of-concept, one of the most sophisticated kernel exploits targeting Android devices.
CVE-2025-38352 represents a use-after-free (UAF) vulnerability in the Linux kernel’s POSIX CPU timers implementation.
The flaw was previously reported under limited, targeted exploitation in real-world Android environments.
Now, security researchers have released a fully functional proof of concept demonstrating the vulnerability’s mechanics.
https://gbhackers.com/poc-exploit-relea ... ux-kernel/