The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify     there is that clone won't expose something hidden by a mount we wouldn't be able to undo. Wouldn't be     able to undo may be a result of MNT_LOCKED on a child, but it may also come from lacking admin rights in     the userns of the namespace mount belongs to. clone_private_mnt() checks the former, but not the latter.
    There's a number of rather confusing CAP_SYS_ADMIN checks in various userns during the mount, especially     with the new mount API; they serve different purposes and in case of clone_private_mnt() they usually, but     not always end up covering the missing check mentioned above. (CVE-2025-38499)

Note that Nessus relies on the presence of the package as reported by the vendor.

Detections

Analytics

Linux Distros Unpatched Vulnerability : CVE-2025-38499

high Nessus Plugin ID 259927

Version 1.2