CVE-2025-38498 - Vulnerability Details

In the Linux kernel, the following vulnerability has been resolved:

do_change_type(): refuse to operate on unmounted/not ours mounts

Ensure that propagation settings can only be changed for mounts located
in the caller's mount namespace. This change aligns permission checking
with the rest of mount(2).

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0006.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Linux Subscribe	Linux Kernel Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-4327-1	linux security update
Debian DLA	DLA-4328-1	linux-6.1 security update
Debian DSA	DSA-5973-1	linux security update
EUVD	EUVD-2025-23147	In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount(2).
Ubuntu USN	USN-7769-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7769-2	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7769-3	Linux kernel vulnerabilities
Ubuntu USN	USN-7770-1	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7771-1	Linux kernel (OEM) vulnerabilities
Ubuntu USN	USN-7774-1	Linux kernel vulnerabilities
Ubuntu USN	USN-7774-2	Linux kernel (FIPS) vulnerabilities
Ubuntu USN	USN-7774-3	Linux kernel (Real-time) vulnerabilities
Ubuntu USN	USN-7775-1	Linux kernel (Azure FIPS) vulnerabilities
Ubuntu USN	USN-7775-2	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7776-1	Linux kernel (Oracle) vulnerabilities
Ubuntu USN	USN-7775-3	Linux kernel (Azure) vulnerabilities
Ubuntu USN	USN-7774-4	Linux kernel (KVM) vulnerabilities
Ubuntu USN	USN-7789-1	Linux kernel (Oracle) vulnerabilities
Ubuntu USN	USN-7774-5	Linux kernel (NVIDIA Tegra IGX) vulnerabilities
Ubuntu USN	USN-7789-2	Linux kernel (Raspberry Pi) vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://git.kernel.org/stable/c/064014f7812744451d5d0592f3d2bcd727f2ee93
https://git.kernel.org/stable/c/12f147ddd6de7382dad54812e65f3f08d05809fc
https://git.kernel.org/stable/c/19554c79a2095ddde850906a067915c1ef3a4114
https://git.kernel.org/stable/c/432a171d60056489270c462e651e6c3a13f855b1
https://git.kernel.org/stable/c/4f091ad0862b02dc42a19a120b7048de848561f8
https://git.kernel.org/stable/c/787937c4e373f1722c4343e5a5a4eb0f8543e589
https://git.kernel.org/stable/c/9c1ddfeb662b668fff69c5f1cfdd9f5d23d55d23
https://git.kernel.org/stable/c/c7d11fdf8e5db5f34a6c062c7e6ba3a0971879d2
https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html
https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html
https://lore.kernel.org/linux-cve-announce/2025073029-CVE-2025-38498-e3ab@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2025-38498
https://www.cve.org/CVERecord?id=CVE-2025-38498

History

Mon, 03 Nov 2025 18:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

Wed, 30 Jul 2025 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Linux Linux linux Kernel
Vendors & Products		Linux Linux linux Kernel

Wed, 30 Jul 2025 12:15:00 +0000

Type	Values Removed	Values Added
References		https://lore.kernel.org/linux-cve-announce/2025073029-CVE-2025-38498-e3ab@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2025-38498 https://www.cve.org/CVERecord?id=CVE-2025-38498
Metrics	threat_severity `None`	cvssV3_1 `{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}` threat_severity `Moderate`

Wed, 30 Jul 2025 06:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount(2).
Title		do_change_type(): refuse to operate on unmounted/not ours mounts
References		https://git.kernel.org/stable/c/064014f7812744451d5d0592f3d2bcd727f2ee93 https://git.kernel.org/stable/c/12f147ddd6de7382dad54812e65f3f08d05809fc https://git.kernel.org/stable/c/19554c79a2095ddde850906a067915c1ef3a4114 https://git.kernel.org/stable/c/432a171d60056489270c462e651e6c3a13f855b1 https://git.kernel.org/stable/c/4f091ad0862b02dc42a19a120b7048de848561f8 https://git.kernel.org/stable/c/787937c4e373f1722c4343e5a5a4eb0f8543e589 https://git.kernel.org/stable/c/9c1ddfeb662b668fff69c5f1cfdd9f5d23d55d23 https://git.kernel.org/stable/c/c7d11fdf8e5db5f34a6c062c7e6ba3a0971879d2

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2025-07-30T06:03:36.483Z

Updated: 2025-11-03T17:39:07.695Z

Reserved: 2025-04-16T04:51:24.022Z

Link: CVE-2025-38498

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2025-07-30T06:15:27.527

Modified: 2025-11-03T18:16:25.880

Link: CVE-2025-38498

Redhat

Severity : Moderate

Publid Date: 2025-07-30T00:00:00Z

Links: CVE-2025-38498 - Bugzilla

OpenCVE Enrichment

Updated: 2025-07-30T15:04:12Z

Weaknesses

No weakness.

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object