{ "dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": { "cveId": "CVE-2025-38499", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2025-04-16T04:51:24.022Z", "datePublished": "2025-08-11T16:01:08.257Z", "dateUpdated": "2026-07-14T12:42:14.206Z" }, "containers": { "cna": { "providerMetadata": { "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-05-23T15:59:54.010Z" }, "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns\n\nWhat we want is to verify there is that clone won't expose something\nhidden by a mount we wouldn't be able to undo. \"Wouldn't be able to undo\"\nmay be a result of MNT_LOCKED on a child, but it may also come from\nlacking admin rights in the userns of the namespace mount belongs to.\n\nclone_private_mnt() checks the former, but not the latter.\n\nThere's a number of rather confusing CAP_SYS_ADMIN checks in various\nuserns during the mount, especially with the new mount API; they serve\ndifferent purposes and in case of clone_private_mnt() they usually,\nbut not always end up covering the missing check mentioned above." } ], "affected": [ { "product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/namespace.c" ], "versions": [ { "version": "427215d85e8d1476da1a86b8d67aceb485eb3631", "lessThan": "36fecd740de2d542d2091d65d36554ee2bcf9c65", "status": "affected", "versionType": "git" }, { "version": "427215d85e8d1476da1a86b8d67aceb485eb3631", "lessThan": "d717325b5ecf2a40daca85c61923e17f32306179", "status": "affected", "versionType": "git" }, { "version": "427215d85e8d1476da1a86b8d67aceb485eb3631", "lessThan": "dc6a664089f10eab0fb36b6e4f705022210191d2", "status": "affected", "versionType": "git" }, { "version": "427215d85e8d1476da1a86b8d67aceb485eb3631", "lessThan": "e77078e52fbf018ab986efb3c79065ab35025607", "status": "affected", "versionType": "git" }, { "version": "427215d85e8d1476da1a86b8d67aceb485eb3631", "lessThan": "38628ae06e2a37770cd794802a3f1310cf9846e3", "status": "affected", "versionType": "git" }, { "version": "427215d85e8d1476da1a86b8d67aceb485eb3631", "lessThan": "c28f922c9dcee0e4876a2c095939d77fe7e15116", "status": "affected", "versionType": "git" }, { "version": "c6e8810d25295acb40a7b69ed3962ff181919571", "status": "affected", "versionType": "git" }, { "version": "e3eee87c846dc47f6d8eb6d85e7271f24122a279", "status": "affected", "versionType": "git" }, { "version": "517b875dfbf58f0c6c9e32dc90f5cf42d71a42ce", "status": "affected", "versionType": "git" }, { "version": "963d85d630dabe75a3cfde44a006fec3304d07b8", "status": "affected", "versionType": "git" }, { "version": "812f39ed5b0b7f34868736de3055c92c7c4cf459", "status": "affected", "versionType": "git" }, { "version": "6a002d48a66076524f67098132538bef17e8445e", "status": "affected", "versionType": "git" }, { "version": "41812f4b84484530057513478c6770590347dc30", "status": "affected", "versionType": "git" }, { "version": "4.4.281", "lessThan": "4.5", "status": "affected", "versionType": "semver" }, { "version": "4.9.280", "lessThan": "4.10", "status": "affected", "versionType": "semver" }, { "version": "4.14.244", "lessThan": "4.15", "status": "affected", "versionType": "semver" }, { "version": "4.19.204", "lessThan": "4.20", "status": "affected", "versionType": "semver" }, { "version": "5.4.141", "lessThan": "5.5", "status": "affected", "versionType": "semver" }, { "version": "5.10.59", "lessThan": "5.11", "status": "affected", "versionType": "semver" }, { "version": "5.13.11", "lessThan": "5.14", "status": "affected", "versionType": "semver" } ] }, { "product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": [ "fs/namespace.c" ], "versions": [ { "version": "5.14", "status": "affected" }, { "version": "0", "lessThan": "5.14", "status": "unaffected", "versionType": "semver" }, { "version": "5.15.190", "lessThanOrEqual": "5.15.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.1.147", "lessThanOrEqual": "6.1.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.6.100", "lessThanOrEqual": "6.6.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.12.40", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.15.3", "lessThanOrEqual": "6.15.*", "status": "unaffected", "versionType": "semver" }, { "version": "6.16", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix" } ] } ], "cpeApplicability": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "5.15.190" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.1.147" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.6.100" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.12.40" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.15.3" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.14", "versionEndExcluding": "6.16" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.281" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.9.280" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.14.244" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.19.204" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.4.141" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.10.59" }, { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.13.11" } ] } ] } ], "references": [ { "url": "https://git.kernel.org/stable/c/36fecd740de2d542d2091d65d36554ee2bcf9c65" }, { "url": "https://git.kernel.org/stable/c/d717325b5ecf2a40daca85c61923e17f32306179" }, { "url": "https://git.kernel.org/stable/c/dc6a664089f10eab0fb36b6e4f705022210191d2" }, { "url": "https://git.kernel.org/stable/c/e77078e52fbf018ab986efb3c79065ab35025607" }, { "url": "https://git.kernel.org/stable/c/38628ae06e2a37770cd794802a3f1310cf9846e3" }, { "url": "https://git.kernel.org/stable/c/c28f922c9dcee0e4876a2c095939d77fe7e15116" } ], "title": "clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns", "x_generator": { "engine": "bippy-1.2.0" } }, "adp": [ { "title": "CVE Program Container", "references": [ { "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html" } ], "providerMetadata": { "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T17:39:08.627Z" } }, { "x_adpType": "supplier", "providerMetadata": { "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e", "shortName": "siemens-SADP", "dateUpdated": "2026-07-14T12:42:14.206Z" }, "affected": [ { "vendor": "Siemens", "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP", "versions": [ { "status": "affected", "version": "V3.1.5", "lessThan": "*", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "vendor": "Siemens", "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP", "versions": [ { "status": "affected", "version": "V3.1.5", "lessThan": "*", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "vendor": "Siemens", "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP", "versions": [ { "status": "affected", "version": "V3.1.5", "lessThan": "*", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "vendor": "Siemens", "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP", "versions": [ { "status": "affected", "version": "V3.1.5", "lessThan": "*", "versionType": "custom" } ], "defaultStatus": "unknown" }, { "vendor": "Siemens", "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP", "versions": [ { "status": "affected", "version": "V3.1.5", "lessThan": "*", "versionType": "custom" } ], "defaultStatus": "unknown" } ], "references": [ { "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html" } ] } ] } }