CVE-2025-38498

low-risk

Published 2025-07-30

In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount(2).

Do I need to act?

0.04% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (2)

Linux Kernel

Debian Linux

Affected Vendors

Debian Linux

References (10)

Patch https://git.kernel.org/stable/c/064014f7812744451d5d0592f3d2bcd727f2ee93

Patch https://git.kernel.org/stable/c/12f147ddd6de7382dad54812e65f3f08d05809fc

Patch https://git.kernel.org/stable/c/19554c79a2095ddde850906a067915c1ef3a4114

Patch https://git.kernel.org/stable/c/432a171d60056489270c462e651e6c3a13f855b1

Patch https://git.kernel.org/stable/c/4f091ad0862b02dc42a19a120b7048de848561f8

Patch https://git.kernel.org/stable/c/787937c4e373f1722c4343e5a5a4eb0f8543e589

Patch https://git.kernel.org/stable/c/9c1ddfeb662b668fff69c5f1cfdd9f5d23d55d23

Patch https://git.kernel.org/stable/c/c7d11fdf8e5db5f34a6c062c7e6ba3a0971879d2

Third Party Advisory https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html

Third Party Advisory https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 7/34 · Low