Ddos 
Cybersecurity researcher farazsth98 has presented new findings related to an exploited security issue in Linux kernel flaw that could be abused by an attacker to privilege escalation.
The vulnerability, tracked as CVE-2025-38352 (CVSS 7.4), is a high-severity Elevation of Privilege (EoP) vulnerability deep within the Android kernel. While the flaw was first disclosed in July 2025, it has now been weaponized.
The vulnerability is a race condition in the kernel’s POSIX CPU timers. Specifically, it disrupts the task cleanup process, allowing attackers to trigger memory corruption.
Successfully exploiting this vulnerability could potentially lead to crashes, denial of service, and privilege escalation.
A public exploit named “Chronomaly” has been developed for this flaw. Written by researcher farazsth98, the exploit targets Linux kernel v5.10.157, but experts warn it “should work against all vulnerable v5.10.x kernels” because it doesn’t rely on specific kernel memory offsets. This makes it a highly portable and dangerous weapon for local attackers looking to gain root access.
Google’s advisory confirms that this flaw was detected in zero-day attacks—meaning hackers were using them before a fix was available to the public. “There are indications that the following may be under limited, targeted exploitation,” suggesting advanced threat actors may be using them against specific high-value targets.
The September 2025 update brings the security patch level to 2025-09-05, addressing this zero-day along with dozens of other bugs.
Users are strongly advised to check for updates immediately.
Donate