IM
IronMonkey Threat Research

CVE-2025-38498 MEDIUM

Published: 2025-07-30 | Last Modified: 2026-05-12 | Status: Modified

Description

In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount(2).

Additional Descriptions (1)

En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: do_change_type(): se niega a operar en montajes no montados o que no son nuestros. Garantiza que la configuración de propagación solo se pueda cambiar para los montajes ubicados en el espacio de nombres de montaje del invocador. Este cambio alinea la comprobación de permisos con el resto de mount(2).

CVSS Metrics

Base Score: 5.5 (MEDIUM)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack VectorLOCAL
Attack ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
ScopeUNCHANGED
Confidentiality ImpactNONE
Integrity ImpactNONE
Availability ImpactHIGH

Source: [email protected]

Type: Primary

Exploitability Score: 1.8

Impact Score: 3.6

Weaknesses

Source Type Description
[email protected] Primary
en NVD-CWE-noinfo

Affected Products

Vendor Product Version Update Type
linux linux_kernel * <built-in method update of dict object at 0x702bcc9b1240> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bfc2a7200> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702b703764c0> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdc9f4900> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bcc9b1800> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702bdc9f4880> Operating System
linux linux_kernel * <built-in method update of dict object at 0x702d72d08800> Operating System
debian debian_linux 11.0 <built-in method update of dict object at 0x702bde164880> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Yes cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

References

Notification
Message here