{"id":"CVE-2025-38498","summary":"do_change_type(): refuse to operate on unmounted/not ours mounts","details":"In the Linux kernel, the following vulnerability has been resolved:\n\ndo_change_type(): refuse to operate on unmounted/not ours mounts\n\nEnsure that propagation settings can only be changed for mounts located\nin the caller's mount namespace. This change aligns permission checking\nwith the rest of mount(2).","modified":"2026-04-02T12:48:00.320834Z","published":"2025-07-30T06:03:36.483Z","related":["ALSA-2025:15782","ALSA-2025:16372","ALSA-2025:16398","MGASA-2025-0218","MGASA-2025-0219","SUSE-SU-2025:02853-1","SUSE-SU-2025:02923-1","SUSE-SU-2025:02969-1","SUSE-SU-2025:02996-1","SUSE-SU-2025:02997-1","SUSE-SU-2025:03011-1","SUSE-SU-2025:03023-1","SUSE-SU-2025:03204-1","SUSE-SU-2025:03283-1","SUSE-SU-2025:03310-1","SUSE-SU-2025:03314-1","SUSE-SU-2025:03315-1","SUSE-SU-2025:03317-1","SUSE-SU-2025:03318-1","SUSE-SU-2025:03319-1","SUSE-SU-2025:03321-1","SUSE-SU-2025:03329-1","SUSE-SU-2025:03336-1","SUSE-SU-2025:03337-1","SUSE-SU-2025:03339-1","SUSE-SU-2025:03341-1","SUSE-SU-2025:03342-1","SUSE-SU-2025:03343-1","SUSE-SU-2025:03344-1","SUSE-SU-2025:03350-1","SUSE-SU-2025:03356-1","SUSE-SU-2025:03358-1","SUSE-SU-2025:03359-1","SUSE-SU-2025:03362-1","SUSE-SU-2025:03363-1","SUSE-SU-2025:03370-1","SUSE-SU-2025:03374-1","SUSE-SU-2025:03375-1","SUSE-SU-2025:03379-1","SUSE-SU-2025:03381-1","SUSE-SU-2025:03383-1","SUSE-SU-2025:03384-1","SUSE-SU-2025:03387-1","SUSE-SU-2025:03389-1","SUSE-SU-2025:03391-1","SUSE-SU-2025:03392-1","SUSE-SU-2025:03393-1","SUSE-SU-2025:03395-1","SUSE-SU-2025:03396-1","SUSE-SU-2025:03397-1","SUSE-SU-2025:03400-1","SUSE-SU-2025:03403-1","SUSE-SU-2025:03406-1","SUSE-SU-2025:03408-1","SUSE-SU-2025:03410-1","SUSE-SU-2025:03411-1","SUSE-SU-2025:03412-1","SUSE-SU-2025:03413-1","SUSE-SU-2025:03414-1","SUSE-SU-2025:03416-1","SUSE-SU-2025:03418-1","SUSE-SU-2025:03419-1","SUSE-SU-2025:20577-1","SUSE-SU-2025:20586-1","SUSE-SU-2025:20601-1","SUSE-SU-2025:20602-1","SUSE-SU-2025:20722-1","SUSE-SU-2025:20723-1","SUSE-SU-2025:20724-1","SUSE-SU-2025:20725-1","SUSE-SU-2025:20726-1","SUSE-SU-2025:20727-1","SUSE-SU-2025:20728-1","SUSE-SU-2025:20729-1","SUSE-SU-2025:20730-1","SUSE-SU-2025:20731-1","SUSE-SU-2025:20732-1","SUSE-SU-2025:20733-1","SUSE-SU-2025:20734-1","SUSE-SU-2025:20735-1","SUSE-SU-2025:20736-1","SUSE-SU-2025:20737-1","SUSE-SU-2025:20738-1","SUSE-SU-2025:20768-1","SUSE-SU-2025:20769-1","SUSE-SU-2025:20770-1","SUSE-SU-2025:20771-1","SUSE-SU-2025:20772-1","SUSE-SU-2025:20773-1","SUSE-SU-2025:20774-1","SUSE-SU-2025:20784-1","SUSE-SU-2025:20785-1","SUSE-SU-2025:20786-1","SUSE-SU-2025:20787-1","SUSE-SU-2025:20788-1","SUSE-SU-2025:20789-1","SUSE-SU-2025:20790-1","SUSE-SU-2025:20791-1","SUSE-SU-2025:4123-1","SUSE-SU-2025:4315-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38498.json","cna_assigner":"Linux"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/064014f7812744451d5d0592f3d2bcd727f2ee93"},{"type":"WEB","url":"https://git.kernel.org/stable/c/12f147ddd6de7382dad54812e65f3f08d05809fc"},{"type":"WEB","url":"https://git.kernel.org/stable/c/19554c79a2095ddde850906a067915c1ef3a4114"},{"type":"WEB","url":"https://git.kernel.org/stable/c/432a171d60056489270c462e651e6c3a13f855b1"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4f091ad0862b02dc42a19a120b7048de848561f8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/787937c4e373f1722c4343e5a5a4eb0f8543e589"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9c1ddfeb662b668fff69c5f1cfdd9f5d23d55d23"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c7d11fdf8e5db5f34a6c062c7e6ba3a0971879d2"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38498.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38498"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"07b20889e3052c7e77d6a6a54e7e83446eb1ba84"},{"fixed":"787937c4e373f1722c4343e5a5a4eb0f8543e589"},{"fixed":"c7d11fdf8e5db5f34a6c062c7e6ba3a0971879d2"},{"fixed":"432a171d60056489270c462e651e6c3a13f855b1"},{"fixed":"064014f7812744451d5d0592f3d2bcd727f2ee93"},{"fixed":"4f091ad0862b02dc42a19a120b7048de848561f8"},{"fixed":"9c1ddfeb662b668fff69c5f1cfdd9f5d23d55d23"},{"fixed":"19554c79a2095ddde850906a067915c1ef3a4114"},{"fixed":"12f147ddd6de7382dad54812e65f3f08d05809fc"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-38498.json"}}],"schema_version":"1.7.5"}