Linux Kernel Mount Namespace Vulnerability in Permission Checking

Vulnerability

A vulnerability in the Linux kernel's handling of mount propagation settings has been addressed. The issue arose because the 'do_change_type()' function allowed changes to propagation settings for mounts that were unmounted or not owned by the caller's mount namespace. This vulnerability could lead to improper permission handling, potentially allowing unauthorized modifications to mount settings. The fix ensures that propagation changes can only be made for mounts within the caller's namespace, aligning the permission checks with standard mount system call behavior.

Impact

Exploitation of this vulnerability could lead to unauthorized changes in mount propagation settings, potentially allowing for manipulation of the mount namespace in ways that could disrupt system operations or security.
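
An unexpected propagation change can be detected from user space by comparing two snapshots of /proc/<pid>/mountinfo. The Python sketch below is an added example, not code from the kernel or from this advisory. The function names and the BEFORE/AFTER sample data are constructed for illustration. The field layout follows proc(5).

```python
# Added example: snapshot and diff mount propagation state via mountinfo.
# BEFORE/AFTER are constructed sample data, not captured from a real host.

def parse_mountinfo(text):
    """Return {mount_id: (mount_point, propagation_tags)} per proc(5)."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        try:
            # Optional fields (shared:N, master:N, propagate_from:N,
            # unbindable) sit between field 6 and the "-" separator.
            sep = fields.index("-", 6)
        except ValueError:
            continue  # blank or malformed line
        tags = {}
        for opt in fields[6:sep]:
            key, _, val = opt.partition(":")
            tags[key] = val  # "unbindable" has no value, stored as ""
        mounts[int(fields[0])] = (fields[4], tags)
    return mounts

def diff_propagation(before, after):
    """List mounts present in both snapshots whose propagation tags differ."""
    changes = []
    for mount_id in sorted(before.keys() & after.keys()):
        point, old = before[mount_id]
        _, new = after[mount_id]
        if old != new:
            changes.append((mount_id, point, old, new))
    return changes

BEFORE = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
35 22 0:31 / /mnt/data rw,relatime shared:12 - tmpfs tmpfs rw
36 22 0:32 / /mnt/scratch rw,relatime - tmpfs tmpfs rw
"""
# Same mounts later: mount 35 has lost its peer group (shared -> private).
AFTER = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
35 22 0:31 / /mnt/data rw,relatime - tmpfs tmpfs rw
36 22 0:32 / /mnt/scratch rw,relatime - tmpfs tmpfs rw
"""

if __name__ == "__main__":
    old, new = parse_mountinfo(BEFORE), parse_mountinfo(AFTER)
    for mid, point, was, now in diff_propagation(old, new):
        print(f"mount {mid} at {point}: {was or 'private'} -> {now or 'private'}")
```

On a live host, feed the functions the contents of /proc/self/mountinfo read at two points in time instead of the embedded samples.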

Added: Jul 30, 2025, 6:17 AM
Updated: Jul 30, 2025, 6:17 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.0
remediation: 0.0
relevance: 0.3
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.