csaf_suse - suse-su-2025:03403-1

suse-su-2025:03403-1

Vulnerability from csaf_suse

Published

2025-09-27 22:04

Modified

2025-09-27 22:04

Summary

Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP5)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP5)

Description of the patch

This update for the Linux Kernel 5.14.21-150500_55_116 fixes several issues. The following security issues were fixed: - CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247499). - CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248298). - CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805).

Patchnames

SUSE-2025-3403,SUSE-SLE-Module-Live-Patching-15-SP5-2025-3403

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP5)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 5.14.21-150500_55_116 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2025-38498: do_change_type(): refuse to operate on unmounted/not ours mounts (bsc#1247499).\n- CVE-2025-38555: usb: gadget : fix use-after-free in composite_dev_cleanup() (bsc#1248298).\n- CVE-2025-21701: net: avoid race between device unregistration and ethnl ops (bsc#1245805).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2025-3403,SUSE-SLE-Module-Live-Patching-15-SP5-2025-3403",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2025_03403-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2025:03403-1",
        "url": "https://www.suse.com/support/update/announcement/2025/suse-su-202503403-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2025:03403-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2025-September/041956.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1245805",
        "url": "https://bugzilla.suse.com/1245805"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1247499",
        "url": "https://bugzilla.suse.com/1247499"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1248298",
        "url": "https://bugzilla.suse.com/1248298"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-21701 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-21701/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-38498 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-38498/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-38555 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-38555/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP5)",
    "tracking": {
      "current_release_date": "2025-09-27T22:04:02Z",
      "generator": {
        "date": "2025-09-27T22:04:02Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2025:03403-1",
      "initial_release_date": "2025-09-27T22:04:02Z",
      "revision_history": [
        {
          "date": "2025-09-27T22:04:02Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.s390x",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP5",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.s390x"
        },
        "product_reference": "kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP5",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.x86_64"
        },
        "product_reference": "kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-21701",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-21701"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n  DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n  WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n  CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n  RIP: 0010:__mutex_lock+0xc8a/0x1120\n  Call Trace:\n   \u003cTASK\u003e\n   ethtool_check_max_channel+0x1ea/0x880\n   ethnl_set_channels+0x3c3/0xb10\n   ethnl_default_set_doit+0x306/0x650\n   genl_family_rcv_msg_doit+0x1e3/0x2c0\n   genl_rcv_msg+0x432/0x6f0\n   netlink_rcv_skb+0x13d/0x3b0\n   genl_rcv+0x28/0x40\n   netlink_unicast+0x42e/0x720\n   netlink_sendmsg+0x765/0xc20\n   __sys_sendto+0x3ac/0x420\n   __x64_sys_sendto+0xe0/0x1c0\n   do_syscall_64+0x95/0x180\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-21701",
          "url": "https://www.suse.com/security/cve/CVE-2025-21701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1237164 for CVE-2025-21701",
          "url": "https://bugzilla.suse.com/1237164"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1245805 for CVE-2025-21701",
          "url": "https://bugzilla.suse.com/1245805"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-27T22:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-21701"
    },
    {
      "cve": "CVE-2025-38498",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-38498"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_change_type(): refuse to operate on unmounted/not ours mounts\n\nEnsure that propagation settings can only be changed for mounts located\nin the caller\u0027s mount namespace. This change aligns permission checking\nwith the rest of mount(2).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-38498",
          "url": "https://www.suse.com/security/cve/CVE-2025-38498"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247374 for CVE-2025-38498",
          "url": "https://bugzilla.suse.com/1247374"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1247499 for CVE-2025-38498",
          "url": "https://bugzilla.suse.com/1247499"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-27T22:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-38498"
    },
    {
      "cve": "CVE-2025-38555",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-38555"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget : fix use-after-free in composite_dev_cleanup()\n\n1. In func configfs_composite_bind() -\u003e composite_os_desc_req_prepare():\nif kmalloc fails, the pointer cdev-\u003eos_desc_req will be freed but not\nset to NULL. Then it will return a failure to the upper-level function.\n2. in func configfs_composite_bind() -\u003e composite_dev_cleanup():\nit will checks whether cdev-\u003eos_desc_req is NULL. If it is not NULL, it\nwill attempt to use it.This will lead to a use-after-free issue.\n\nBUG: KASAN: use-after-free in composite_dev_cleanup+0xf4/0x2c0\nRead of size 8 at addr 0000004827837a00 by task init/1\n\nCPU: 10 PID: 1 Comm: init Tainted: G           O      5.10.97-oh #1\n kasan_report+0x188/0x1cc\n __asan_load8+0xb4/0xbc\n composite_dev_cleanup+0xf4/0x2c0\n configfs_composite_bind+0x210/0x7ac\n udc_bind_to_driver+0xb4/0x1ec\n usb_gadget_probe_driver+0xec/0x21c\n gadget_dev_desc_UDC_store+0x264/0x27c",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-38555",
          "url": "https://www.suse.com/security/cve/CVE-2025-38555"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1248297 for CVE-2025-38555",
          "url": "https://bugzilla.suse.com/1248297"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1248298 for CVE-2025-38555",
          "url": "https://bugzilla.suse.com/1248298"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP5:kernel-livepatch-5_14_21-150500_55_116-default-3-150500.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-27T22:04:02Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-38555"
    }
  ]
}

CVE-2025-21701 (GCVE-0-2025-21701)

Vulnerability from cvelistv5

Published

2025-02-13 15:05

Modified

2025-09-02 19:16

Severity ?

7.4 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered while its number of channels are being modified. DEBUG_LOCKS_WARN_ON(lock->magic != lock) WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120 CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771 RIP: 0010:__mutex_lock+0xc8a/0x1120 Call Trace: <TASK> ethtool_check_max_channel+0x1ea/0x880 ethnl_set_channels+0x3c3/0xb10 ethnl_default_set_doit+0x306/0x650 genl_family_rcv_msg_doit+0x1e3/0x2c0 genl_rcv_msg+0x432/0x6f0 netlink_rcv_skb+0x13d/0x3b0 genl_rcv+0x28/0x40 netlink_unicast+0x42e/0x720 netlink_sendmsg+0x765/0xc20 __sys_sendto+0x3ac/0x420 __x64_sys_sendto+0xe0/0x1c0 do_syscall_64+0x95/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e This is because unregister_netdevice_many_notify might run before the rtnl lock section of ethnl operations, eg. set_channels in the above example. In this example the rss lock would be destroyed by the device unregistration path before being used again, but in general running ethnl operations while dismantle has started is not a good idea. Fix this by denying any operation on devices being unregistered. A check was already there in ethnl_ops_begin, but not wide enough. Note that the same issue cannot be seen on the ioctl version (__dev_ethtool) because the device reference is retrieved from within the rtnl lock section there. Once dismantle started, the net device is unlisted and no reference will be found.

References

▼	URL	Tags
	https://git.kernel.org/stable/c/26bc6076798aa4dc83a07d0a386f9e57c94e8517
	https://git.kernel.org/stable/c/b1cb37a31a482df3dd35a6ac166282dac47664f4
	https://git.kernel.org/stable/c/2f29127e94ae9fdc7497331003d6860e9551cdf3
	https://git.kernel.org/stable/c/b382ab9b885cbb665e0e70a727f101c981b4edf3
	https://git.kernel.org/stable/c/4dc880245f9b529fa8f476b5553c799d2848b47b
	https://git.kernel.org/stable/c/12e070eb6964b341b41677fd260af5a305316a1f

Impacted products

Vendor

Product

Version

▼

Linux

Version: cfd719f04267108f5f5bf802b9d7de69e99a99f9
Version: dde91ccfa25fd58f64c397d91b81a4b393100ffa
Version: dde91ccfa25fd58f64c397d91b81a4b393100ffa
Version: dde91ccfa25fd58f64c397d91b81a4b393100ffa
Version: dde91ccfa25fd58f64c397d91b81a4b393100ffa
Version: dde91ccfa25fd58f64c397d91b81a4b393100ffa
Version: 7c26da3be1e9843a15b5318f90db8a564479d2ac

Linux

Version: 5.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.4,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-21701",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-02T19:15:24.731894Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-362",
                "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-02T19:16:21.196Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "net/ethtool/netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "26bc6076798aa4dc83a07d0a386f9e57c94e8517",
              "status": "affected",
              "version": "cfd719f04267108f5f5bf802b9d7de69e99a99f9",
              "versionType": "git"
            },
            {
              "lessThan": "b1cb37a31a482df3dd35a6ac166282dac47664f4",
              "status": "affected",
              "version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
              "versionType": "git"
            },
            {
              "lessThan": "2f29127e94ae9fdc7497331003d6860e9551cdf3",
              "status": "affected",
              "version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
              "versionType": "git"
            },
            {
              "lessThan": "b382ab9b885cbb665e0e70a727f101c981b4edf3",
              "status": "affected",
              "version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
              "versionType": "git"
            },
            {
              "lessThan": "4dc880245f9b529fa8f476b5553c799d2848b47b",
              "status": "affected",
              "version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
              "versionType": "git"
            },
            {
              "lessThan": "12e070eb6964b341b41677fd260af5a305316a1f",
              "status": "affected",
              "version": "dde91ccfa25fd58f64c397d91b81a4b393100ffa",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "7c26da3be1e9843a15b5318f90db8a564479d2ac",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "net/ethtool/netlink.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.16"
            },
            {
              "lessThan": "5.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.179",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.129",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.76",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.13.*",
              "status": "unaffected",
              "version": "6.13.2",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.14",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.179",
                  "versionStartIncluding": "5.15.8",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.129",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.76",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.13",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.13.2",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14",
                  "versionStartIncluding": "5.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.10.87",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n  DEBUG_LOCKS_WARN_ON(lock-\u003emagic != lock)\n  WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n  CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n  RIP: 0010:__mutex_lock+0xc8a/0x1120\n  Call Trace:\n   \u003cTASK\u003e\n   ethtool_check_max_channel+0x1ea/0x880\n   ethnl_set_channels+0x3c3/0xb10\n   ethnl_default_set_doit+0x306/0x650\n   genl_family_rcv_msg_doit+0x1e3/0x2c0\n   genl_rcv_msg+0x432/0x6f0\n   netlink_rcv_skb+0x13d/0x3b0\n   genl_rcv+0x28/0x40\n   netlink_unicast+0x42e/0x720\n   netlink_sendmsg+0x765/0xc20\n   __sys_sendto+0x3ac/0x420\n   __x64_sys_sendto+0xe0/0x1c0\n   do_syscall_64+0x95/0x180\n   entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-04T13:06:18.444Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/26bc6076798aa4dc83a07d0a386f9e57c94e8517"
        },
        {
          "url": "https://git.kernel.org/stable/c/b1cb37a31a482df3dd35a6ac166282dac47664f4"
        },
        {
          "url": "https://git.kernel.org/stable/c/2f29127e94ae9fdc7497331003d6860e9551cdf3"
        },
        {
          "url": "https://git.kernel.org/stable/c/b382ab9b885cbb665e0e70a727f101c981b4edf3"
        },
        {
          "url": "https://git.kernel.org/stable/c/4dc880245f9b529fa8f476b5553c799d2848b47b"
        },
        {
          "url": "https://git.kernel.org/stable/c/12e070eb6964b341b41677fd260af5a305316a1f"
        }
      ],
      "title": "net: avoid race between device unregistration and ethnl ops",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-21701",
    "datePublished": "2025-02-13T15:05:46.483Z",
    "dateReserved": "2024-12-29T08:45:45.748Z",
    "dateUpdated": "2025-09-02T19:16:21.196Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-38555 (GCVE-0-2025-38555)

Vulnerability from cvelistv5

Published

2025-08-19 17:02

Modified

2025-09-29 05:53

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to NULL. Then it will return a failure to the upper-level function. 2. in func configfs_composite_bind() -> composite_dev_cleanup(): it will checks whether cdev->os_desc_req is NULL. If it is not NULL, it will attempt to use it.This will lead to a use-after-free issue. BUG: KASAN: use-after-free in composite_dev_cleanup+0xf4/0x2c0 Read of size 8 at addr 0000004827837a00 by task init/1 CPU: 10 PID: 1 Comm: init Tainted: G O 5.10.97-oh #1 kasan_report+0x188/0x1cc __asan_load8+0xb4/0xbc composite_dev_cleanup+0xf4/0x2c0 configfs_composite_bind+0x210/0x7ac udc_bind_to_driver+0xb4/0x1ec usb_gadget_probe_driver+0xec/0x21c gadget_dev_desc_UDC_store+0x264/0x27c

References

▼	URL	Tags
	https://git.kernel.org/stable/c/dba96dfa5a0f685b959dd28a52ac8dab0b805204
	https://git.kernel.org/stable/c/2db29235e900a084a656dea7e0939b0abb7bb897
	https://git.kernel.org/stable/c/8afb22aa063f706f3343707cdfb8cda4d021dd33
	https://git.kernel.org/stable/c/e624bf26127645a2f7821e73fdf6dc64bad07835
	https://git.kernel.org/stable/c/aada327a9f8028c573636fa60c0abc80fb8135c9
	https://git.kernel.org/stable/c/5f06ee9f9a3665d43133f125c17e5258a13f3963
	https://git.kernel.org/stable/c/bd3c4ef60baf7f65c963f3e12d9d7b2b091e20ba
	https://git.kernel.org/stable/c/e1be1f380c82a69f80c68c96a7cfe8759fb30355
	https://git.kernel.org/stable/c/151c0aa896c47a4459e07fee7d4843f44c1bb18e

Impacted products

Vendor

Product

Version

▼

Linux

Version: 37a3a533429ef9b3cc9f15a656c19623f0e88df7
Version: 37a3a533429ef9b3cc9f15a656c19623f0e88df7
Version: 37a3a533429ef9b3cc9f15a656c19623f0e88df7
Version: 37a3a533429ef9b3cc9f15a656c19623f0e88df7
Version: 37a3a533429ef9b3cc9f15a656c19623f0e88df7
Version: 37a3a533429ef9b3cc9f15a656c19623f0e88df7
Version: 37a3a533429ef9b3cc9f15a656c19623f0e88df7
Version: 37a3a533429ef9b3cc9f15a656c19623f0e88df7
Version: 37a3a533429ef9b3cc9f15a656c19623f0e88df7

Linux

Version: 3.16

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/composite.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "dba96dfa5a0f685b959dd28a52ac8dab0b805204",
              "status": "affected",
              "version": "37a3a533429ef9b3cc9f15a656c19623f0e88df7",
              "versionType": "git"
            },
            {
              "lessThan": "2db29235e900a084a656dea7e0939b0abb7bb897",
              "status": "affected",
              "version": "37a3a533429ef9b3cc9f15a656c19623f0e88df7",
              "versionType": "git"
            },
            {
              "lessThan": "8afb22aa063f706f3343707cdfb8cda4d021dd33",
              "status": "affected",
              "version": "37a3a533429ef9b3cc9f15a656c19623f0e88df7",
              "versionType": "git"
            },
            {
              "lessThan": "e624bf26127645a2f7821e73fdf6dc64bad07835",
              "status": "affected",
              "version": "37a3a533429ef9b3cc9f15a656c19623f0e88df7",
              "versionType": "git"
            },
            {
              "lessThan": "aada327a9f8028c573636fa60c0abc80fb8135c9",
              "status": "affected",
              "version": "37a3a533429ef9b3cc9f15a656c19623f0e88df7",
              "versionType": "git"
            },
            {
              "lessThan": "5f06ee9f9a3665d43133f125c17e5258a13f3963",
              "status": "affected",
              "version": "37a3a533429ef9b3cc9f15a656c19623f0e88df7",
              "versionType": "git"
            },
            {
              "lessThan": "bd3c4ef60baf7f65c963f3e12d9d7b2b091e20ba",
              "status": "affected",
              "version": "37a3a533429ef9b3cc9f15a656c19623f0e88df7",
              "versionType": "git"
            },
            {
              "lessThan": "e1be1f380c82a69f80c68c96a7cfe8759fb30355",
              "status": "affected",
              "version": "37a3a533429ef9b3cc9f15a656c19623f0e88df7",
              "versionType": "git"
            },
            {
              "lessThan": "151c0aa896c47a4459e07fee7d4843f44c1bb18e",
              "status": "affected",
              "version": "37a3a533429ef9b3cc9f15a656c19623f0e88df7",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/usb/gadget/composite.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "3.16"
            },
            {
              "lessThan": "3.16",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.297",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.241",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.190",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.148",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.102",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.42",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.16.*",
              "status": "unaffected",
              "version": "6.16.1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.17",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.297",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.241",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.190",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.148",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.102",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.42",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.10",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16.1",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.17",
                  "versionStartIncluding": "3.16",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget : fix use-after-free in composite_dev_cleanup()\n\n1. In func configfs_composite_bind() -\u003e composite_os_desc_req_prepare():\nif kmalloc fails, the pointer cdev-\u003eos_desc_req will be freed but not\nset to NULL. Then it will return a failure to the upper-level function.\n2. in func configfs_composite_bind() -\u003e composite_dev_cleanup():\nit will checks whether cdev-\u003eos_desc_req is NULL. If it is not NULL, it\nwill attempt to use it.This will lead to a use-after-free issue.\n\nBUG: KASAN: use-after-free in composite_dev_cleanup+0xf4/0x2c0\nRead of size 8 at addr 0000004827837a00 by task init/1\n\nCPU: 10 PID: 1 Comm: init Tainted: G           O      5.10.97-oh #1\n kasan_report+0x188/0x1cc\n __asan_load8+0xb4/0xbc\n composite_dev_cleanup+0xf4/0x2c0\n configfs_composite_bind+0x210/0x7ac\n udc_bind_to_driver+0xb4/0x1ec\n usb_gadget_probe_driver+0xec/0x21c\n gadget_dev_desc_UDC_store+0x264/0x27c"
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-29T05:53:42.268Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/dba96dfa5a0f685b959dd28a52ac8dab0b805204"
        },
        {
          "url": "https://git.kernel.org/stable/c/2db29235e900a084a656dea7e0939b0abb7bb897"
        },
        {
          "url": "https://git.kernel.org/stable/c/8afb22aa063f706f3343707cdfb8cda4d021dd33"
        },
        {
          "url": "https://git.kernel.org/stable/c/e624bf26127645a2f7821e73fdf6dc64bad07835"
        },
        {
          "url": "https://git.kernel.org/stable/c/aada327a9f8028c573636fa60c0abc80fb8135c9"
        },
        {
          "url": "https://git.kernel.org/stable/c/5f06ee9f9a3665d43133f125c17e5258a13f3963"
        },
        {
          "url": "https://git.kernel.org/stable/c/bd3c4ef60baf7f65c963f3e12d9d7b2b091e20ba"
        },
        {
          "url": "https://git.kernel.org/stable/c/e1be1f380c82a69f80c68c96a7cfe8759fb30355"
        },
        {
          "url": "https://git.kernel.org/stable/c/151c0aa896c47a4459e07fee7d4843f44c1bb18e"
        }
      ],
      "title": "usb: gadget : fix use-after-free in composite_dev_cleanup()",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38555",
    "datePublished": "2025-08-19T17:02:34.110Z",
    "dateReserved": "2025-04-16T04:51:24.025Z",
    "dateUpdated": "2025-09-29T05:53:42.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-38498 (GCVE-0-2025-38498)

Vulnerability from cvelistv5

Published

2025-07-30 06:03

Modified

2025-07-30 06:03

Severity ?

Summary

In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking with the rest of mount(2).

References

▼	URL	Tags
	https://git.kernel.org/stable/c/787937c4e373f1722c4343e5a5a4eb0f8543e589
	https://git.kernel.org/stable/c/c7d11fdf8e5db5f34a6c062c7e6ba3a0971879d2
	https://git.kernel.org/stable/c/432a171d60056489270c462e651e6c3a13f855b1
	https://git.kernel.org/stable/c/064014f7812744451d5d0592f3d2bcd727f2ee93
	https://git.kernel.org/stable/c/4f091ad0862b02dc42a19a120b7048de848561f8
	https://git.kernel.org/stable/c/9c1ddfeb662b668fff69c5f1cfdd9f5d23d55d23
	https://git.kernel.org/stable/c/19554c79a2095ddde850906a067915c1ef3a4114
	https://git.kernel.org/stable/c/12f147ddd6de7382dad54812e65f3f08d05809fc

Impacted products

Vendor

Product

Version

▼

Linux

Version: 07b20889e3052c7e77d6a6a54e7e83446eb1ba84
Version: 07b20889e3052c7e77d6a6a54e7e83446eb1ba84
Version: 07b20889e3052c7e77d6a6a54e7e83446eb1ba84
Version: 07b20889e3052c7e77d6a6a54e7e83446eb1ba84
Version: 07b20889e3052c7e77d6a6a54e7e83446eb1ba84
Version: 07b20889e3052c7e77d6a6a54e7e83446eb1ba84
Version: 07b20889e3052c7e77d6a6a54e7e83446eb1ba84
Version: 07b20889e3052c7e77d6a6a54e7e83446eb1ba84

Linux

Version: 2.6.15

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "fs/namespace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "787937c4e373f1722c4343e5a5a4eb0f8543e589",
              "status": "affected",
              "version": "07b20889e3052c7e77d6a6a54e7e83446eb1ba84",
              "versionType": "git"
            },
            {
              "lessThan": "c7d11fdf8e5db5f34a6c062c7e6ba3a0971879d2",
              "status": "affected",
              "version": "07b20889e3052c7e77d6a6a54e7e83446eb1ba84",
              "versionType": "git"
            },
            {
              "lessThan": "432a171d60056489270c462e651e6c3a13f855b1",
              "status": "affected",
              "version": "07b20889e3052c7e77d6a6a54e7e83446eb1ba84",
              "versionType": "git"
            },
            {
              "lessThan": "064014f7812744451d5d0592f3d2bcd727f2ee93",
              "status": "affected",
              "version": "07b20889e3052c7e77d6a6a54e7e83446eb1ba84",
              "versionType": "git"
            },
            {
              "lessThan": "4f091ad0862b02dc42a19a120b7048de848561f8",
              "status": "affected",
              "version": "07b20889e3052c7e77d6a6a54e7e83446eb1ba84",
              "versionType": "git"
            },
            {
              "lessThan": "9c1ddfeb662b668fff69c5f1cfdd9f5d23d55d23",
              "status": "affected",
              "version": "07b20889e3052c7e77d6a6a54e7e83446eb1ba84",
              "versionType": "git"
            },
            {
              "lessThan": "19554c79a2095ddde850906a067915c1ef3a4114",
              "status": "affected",
              "version": "07b20889e3052c7e77d6a6a54e7e83446eb1ba84",
              "versionType": "git"
            },
            {
              "lessThan": "12f147ddd6de7382dad54812e65f3f08d05809fc",
              "status": "affected",
              "version": "07b20889e3052c7e77d6a6a54e7e83446eb1ba84",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "fs/namespace.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "2.6.15"
            },
            {
              "lessThan": "2.6.15",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.4.*",
              "status": "unaffected",
              "version": "5.4.295",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.10.*",
              "status": "unaffected",
              "version": "5.10.239",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "5.15.*",
              "status": "unaffected",
              "version": "5.15.186",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.1.*",
              "status": "unaffected",
              "version": "6.1.142",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.6.*",
              "status": "unaffected",
              "version": "6.6.94",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.34",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.15.*",
              "status": "unaffected",
              "version": "6.15.3",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.16",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.4.295",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.10.239",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "5.15.186",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.1.142",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.6.94",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.34",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15.3",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.16",
                  "versionStartIncluding": "2.6.15",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndo_change_type(): refuse to operate on unmounted/not ours mounts\n\nEnsure that propagation settings can only be changed for mounts located\nin the caller\u0027s mount namespace. This change aligns permission checking\nwith the rest of mount(2)."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-30T06:03:36.483Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/787937c4e373f1722c4343e5a5a4eb0f8543e589"
        },
        {
          "url": "https://git.kernel.org/stable/c/c7d11fdf8e5db5f34a6c062c7e6ba3a0971879d2"
        },
        {
          "url": "https://git.kernel.org/stable/c/432a171d60056489270c462e651e6c3a13f855b1"
        },
        {
          "url": "https://git.kernel.org/stable/c/064014f7812744451d5d0592f3d2bcd727f2ee93"
        },
        {
          "url": "https://git.kernel.org/stable/c/4f091ad0862b02dc42a19a120b7048de848561f8"
        },
        {
          "url": "https://git.kernel.org/stable/c/9c1ddfeb662b668fff69c5f1cfdd9f5d23d55d23"
        },
        {
          "url": "https://git.kernel.org/stable/c/19554c79a2095ddde850906a067915c1ef3a4114"
        },
        {
          "url": "https://git.kernel.org/stable/c/12f147ddd6de7382dad54812e65f3f08d05809fc"
        }
      ],
      "title": "do_change_type(): refuse to operate on unmounted/not ours mounts",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-38498",
    "datePublished": "2025-07-30T06:03:36.483Z",
    "dateReserved": "2025-04-16T04:51:24.022Z",
    "dateUpdated": "2025-07-30T06:03:36.483Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2025:03403-1

Vulnerability from csaf_suse

CVE-2025-21701 (GCVE-0-2025-21701)

Vulnerability from cvelistv5

CVE-2025-38555 (GCVE-0-2025-38555)

Vulnerability from cvelistv5

CVE-2025-38498 (GCVE-0-2025-38498)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature