CVE-2025-38498

In the Linux kernel, the following vulnerability has been resolved:

do_change_type(): refuse to operate on unmounted/not ours mounts

Ensure that propagation settings can only be changed for mounts located
in the caller's mount namespace. This change aligns permission checking
with the rest of mount(2).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
LinuxCNA
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
Debian logo
Debian Releases
Debian Product
Codename
linux
bullseye
vulnerable
bullseye (security)
vulnerable
bookworm
vulnerable
bookworm (security)
vulnerable
trixie (security)
vulnerable
sid
6.12.38-1
fixed
trixie
6.12.38-1
fixed
Vulnerability Media Exposure
References
https://git.kernel.org/stable/c/064014f7812744451d5d0592f3d2bcd727f2ee93
https://git.kernel.org/stable/c/12f147ddd6de7382dad54812e65f3f08d05809fc
https://git.kernel.org/stable/c/19554c79a2095ddde850906a067915c1ef3a4114
https://git.kernel.org/stable/c/432a171d60056489270c462e651e6c3a13f855b1
https://git.kernel.org/stable/c/4f091ad0862b02dc42a19a120b7048de848561f8
https://git.kernel.org/stable/c/787937c4e373f1722c4343e5a5a4eb0f8543e589
https://git.kernel.org/stable/c/9c1ddfeb662b668fff69c5f1cfdd9f5d23d55d23
https://git.kernel.org/stable/c/c7d11fdf8e5db5f34a6c062c7e6ba3a0971879d2