PT-2025-53002 · Linux+3 · Linux Kernel+3

Published: 2025-12-24 · Updated: 2026-05-07 · CVE-2025-68736

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Linux kernel (affected versions not specified)

Description

The Linux kernel Landlock subsystem had a flaw in how it handled disconnected directories. These directories could appear when files or directories were accessed through a bind mount but had since been moved or renamed out of the original source, making them inaccessible from the mount point.

Previously, access rights were collected by traversing the filesystem hierarchy without considering the mount point, which could lead to inconsistent access results and to widened access rights. The issue could occur when a sandboxed task had write access to the source of the bind mount and read access to the mount point itself.

Landlock has been updated to consider both the filesystem hierarchy and the mount point when evaluating access rights for files and directories opened from disconnected directories, ensuring that renames do not widen access rights. The fix also removes a warning canary and corrects a related comment in the `collect_domain_accesses()` function. Files with stored access rights are not impacted by this issue.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Related Identifiers

AZL-73084
CVE-2025-68736
ECHO-4F65-D799-3305
OPENSUSE-SU-2026:10039-1
OPENSUSE-SU-2026:10301-1
OPENSUSE-SU-2026:20145-1
SUSE-SU-2026:0962-1
SUSE-SU-2026:1081-1
SUSE-SU-2026:20207-1
SUSE-SU-2026:20220-1
SUSE-SU-2026:20228-1
SUSE-SU-2026:20667-1
SUSE-SU-2026:20720-1
SUSE-SU-2026:20845-1
SUSE-SU-2026:20876-1
USN-8177-1
USN-8177-2
USN-8183-1
USN-8183-2
USN-8245-1
USN-8257-1

Affected Products

Debian
Linuxmint
Linux Kernel
Ubuntu