CVE-2025-38498 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount(2).

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel

No data.

References

Link	Providers
https://git.kernel.org/stable/c/064014f7812744451d5d0592f3d2bcd727f2ee93
https://git.kernel.org/stable/c/12f147ddd6de7382dad54812e65f3f08d05809fc
https://git.kernel.org/stable/c/19554c79a2095ddde850906a067915c1ef3a4114
https://git.kernel.org/stable/c/432a171d60056489270c462e651e6c3a13f855b1
https://git.kernel.org/stable/c/4f091ad0862b02dc42a19a120b7048de848561f8
https://git.kernel.org/stable/c/787937c4e373f1722c4343e5a5a4eb0f8543e589
https://git.kernel.org/stable/c/9c1ddfeb662b668fff69c5f1cfdd9f5d23d55d23
https://git.kernel.org/stable/c/c7d11fdf8e5db5f34a6c062c7e6ba3a0971879d2
https://lore.kernel.org/linux-cve-announce/2025073029-CVE-2025-38498-e3ab@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38498
https://www.cve.org/CVERecord?id=CVE-2025-38498

History

Wed, 30 Jul 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Wed, 30 Jul 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025073029-CVE-2025-38498-e3ab@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38498 https://www.cve.org/CVERecord?id=CVE-2025-38498
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Wed, 30 Jul 2025 06:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount(2).
Title		do_change_type(): refuse to operate on unmounted/not ours mounts
References		https://git.kernel.org/stable/c/064014f7812744451d5d0592f3d2bcd727f2ee93 https://git.kernel.org/stable/c/12f147ddd6de7382dad54812e65f3f08d05809fc https://git.kernel.org/stable/c/19554c79a2095ddde850906a067915c1ef3a4114 https://git.kernel.org/stable/c/432a171d60056489270c462e651e6c3a13f855b1 https://git.kernel.org/stable/c/4f091ad0862b02dc42a19a120b7048de848561f8 https://git.kernel.org/stable/c/787937c4e373f1722c4343e5a5a4eb0f8543e589 https://git.kernel.org/stable/c/9c1ddfeb662b668fff69c5f1cfdd9f5d23d55d23 https://git.kernel.org/stable/c/c7d11fdf8e5db5f34a6c062c7e6ba3a0971879d2

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-07-30T06:03:36.483Z

Updated: 2025-07-30T06:03:36.483Z

Reserved: 2025-04-16T04:51:24.022Z

Link: CVE-2025-38498

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-07-30T06:15:27.527

Modified: 2025-07-30T06:15:27.527

Link: CVE-2025-38498

Redhat

Severity : Moderate

Publid Date: 2025-07-30T00:00:00Z

Links: CVE-2025-38498 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object