Linux Kernel Vulnerability in Mount Namespace Management
CVE-2025-38498
Currently unrated
What is CVE-2025-38498?
A vulnerability exists in the Linux kernel in do_change_type(), the function responsible for changing mount propagation settings: it does not properly check for unmounted or foreign mounts (mounts outside the caller's mount namespace). This flaw could allow unauthorized manipulation of mount permissions. The fix ensures that such operations can only be applied to mounts within the caller's own mount namespace, aligning the permission check with established standards of mount control. The change reduces the risk of exploitation related to mount permissions on Linux systems.
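The namespace-membership check described above, as an added userspace model in C; it is not kernel code and not taken from the fix itself. All types, function names and the -EINVAL return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: every type and name here is hypothetical, not kernel code.
 * A mount whose ns pointer is NULL models a mount that is no longer attached. */
enum prop { PROP_PRIVATE, PROP_SHARED, PROP_SLAVE, PROP_UNBINDABLE };
enum target { OWN_MOUNT, FOREIGN_MOUNT, UNMOUNTED };
struct ns { int id; };
struct mnt { const struct ns *ns; enum prop prop; };

/* Membership test: the mount is attached, and attached to the caller's namespace. */
static int in_callers_ns(const struct ns *caller, const struct mnt *m)
{
    return m->ns != NULL && m->ns == caller;
}

/* Before: the propagation type changes without asking whose mount it is. */
static int change_type_unfixed(const struct ns *caller, struct mnt *m, enum prop p)
{
    (void)caller;
    m->prop = p;
    return 0;
}

/* After: unmounted and foreign mounts are refused (-EINVAL is this model's choice). */
static int change_type_fixed(const struct ns *caller, struct mnt *m, enum prop p)
{
    if (!in_callers_ns(caller, m))
        return -EINVAL;
    m->prop = p;
    return 0;
}

/* Constructed scenario: a caller in namespace 1 asks to mark a private mount shared.
 * Returns the mount's resulting propagation, or a negative errno on refusal. */
int scenario(int fixed, enum target t)
{
    static const struct ns ours = { 1 }, theirs = { 2 };
    struct mnt m = { t == OWN_MOUNT ? &ours : t == FOREIGN_MOUNT ? &theirs : NULL, PROP_PRIVATE };
    int rc = (fixed ? change_type_fixed : change_type_unfixed)(&ours, &m, PROP_SHARED);
    return rc ? rc : (int)m.prop;
}

int main(void)
{
    printf("foreign mount: unfixed=%d fixed=%d\n", scenario(0, FOREIGN_MOUNT), scenario(1, FOREIGN_MOUNT));
    return 0;
}
```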