Updated: 2026-01-08 02:09:49.709054
Description:
In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" may be a result of MNT_LOCKED on a child, but it may also come from lacking admin rights in the userns of the namespace mount belongs to. clone_private_mnt() checks the former, but not the latter. There's a number of rather confusing CAP_SYS_ADMIN checks in various userns during the mount, especially with the new mount API; they serve different purposes and in case of clone_private_mnt() they usually, but not always end up covering the missing check mentioned above.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | MEDIUM | 5.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 5.5 | MEDIUM | Released | CLSA-2026:1767864313 | 2026-01-08 16:46:55 | |
| Oracle Linux 7 ELS | kernel | 3.10.0 | 5.5 | MEDIUM | Needs Triage | 2025-12-16 16:59:29 | ||
| Oracle Linux 7 ELS | kernel-uek | 5.4.17 | 5.5 | MEDIUM | Released | CLSA-2025:1764085382 | 2025-11-25 20:38:23 | |
| TuxCare 9.6 ESU | kernel | 5.14.0 | 5.5 | MEDIUM | Released | CLSA-2025:1766488019 | 2025-12-23 19:41:16 | |
| Ubuntu 16.04 ELS | linux-hwe | 4.15.0 | 5.5 | MEDIUM | Needs Triage | 2026-01-08 06:33:03 | ||
| Ubuntu 18.04 ELS | linux | 4.15.0 | 5.5 | MEDIUM | Needs Triage | 2026-01-08 06:46:13 | ||
| Ubuntu 20.04 ELS | linux | 5.4.0 | 5.5 | MEDIUM | Needs Triage | 2025-12-09 19:16:46 |