A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCanonical Ubuntu
OSCanonical18.0420.0422.04Debian
OSDebian10.0Linux Kernel
OSLinux6.25.16 – 6.1.9 (bez)5.11 – 5.15.91 (bez)Netapp H300s
HWNetappwszystkie wersjeNetapp H300s Firmware
OSNetappwszystkie wersjeNetapp H410c
HWNetappwszystkie wersjeNetapp H410c Firmware
OSNetappwszystkie wersjeNetapp H410s
HWNetappwszystkie wersjeNetapp H410s Firmware
OSNetappwszystkie wersjeNetapp H500s
HWNetappwszystkie wersjeNetapp H500s Firmware
OSNetappwszystkie wersjeNetapp H700s
HWNetappwszystkie wersjeNetapp H700s Firmware
OSNetappwszystkie wersje
CISA KEV — detailsi
- Vendori
- Linux
- Producti
- Kernel
- Added to KEVi
- June 17, 2025
- Remediation deadline (US Federal)i
- July 8, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
Related vulnerabilities
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP