CVE-2025-38498
Published: July 31, 2025Last modified: July 31, 2025
Description
In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount(2).
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.5 |
| Attack Vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | NONE |
| Integrity impact | NONE |
| Availability impact | HIGH |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | linux-lts | Fixed (6.1.143-r1) |
| 25 LTS | linux-lts | Fixed (6.12.41-r0) | |
| Stream | linux-lts | Fixed (6.12.41-r0) |
References
- https://git.kernel.org/stable/c/064014f7812744451d5d0592f3d2bcd727f2ee93
- https://git.kernel.org/stable/c/12f147ddd6de7382dad54812e65f3f08d05809fc
- https://git.kernel.org/stable/c/19554c79a2095ddde850906a067915c1ef3a4114
- https://git.kernel.org/stable/c/432a171d60056489270c462e651e6c3a13f855b1
- https://git.kernel.org/stable/c/4f091ad0862b02dc42a19a120b7048de848561f8
- https://git.kernel.org/stable/c/787937c4e373f1722c4343e5a5a4eb0f8543e589
- https://git.kernel.org/stable/c/9c1ddfeb662b668fff69c5f1cfdd9f5d23d55d23
- https://git.kernel.org/stable/c/c7d11fdf8e5db5f34a6c062c7e6ba3a0971879d2
- https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
- https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html