CVE-2025-39717 in Linuxinformazioni

Riassunto

di MITRE • 05/09/2025

In the Linux kernel, the following vulnerability has been resolved:

open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE

As described in commit 7a54947e727b ('Merge patch series "fs: allow changing idmappings"'), open_tree_attr(2) was necessary in order to allow for a detached mount to be created and have its idmappings changed without the risk of any racing threads operating on it. For this reason, mount_setattr(2) still does not allow for id-mappings to be changed.

However, there was a bug in commit 2462651ffa76 ("fs: allow changing idmappings") which allowed users to bypass this restriction by calling open_tree_attr(2) *without* OPEN_TREE_CLONE.

can_idmap_mount() prevented this bug from allowing an attached mountpoint's id-mapping from being modified (thanks to an is_anon_ns() check), but this still allows for detached (but visible) mounts to have their be id-mapping changed. This risks the same UAF and locking issues as described in the merge commit, and was likely unintentional.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsabile

Linux

Prenotare

16/04/2025

Divulgazione

05/09/2025

Moderazione

accettato

CPE

pronto

EPSS

0.00141

KEV

no

Attività

molto basso

Fonti

Want to know what is going to be exploited?

We predict KEV entries!