CVE-2008-2931

The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint.

Published: Jul 9, 2008
Updated: Nov 9, 2025
CVE: CVE-2008-2931
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	2.6.22
debian / debian_linux	4.0	4.0.x
novell / suse_linux_enterprise_server	10.0-sp2	10.0-sp2.x
novell / suse_linux_enterprise_desktop	10.0-sp2	10.0-sp2.x
novell / suse_linux_enterprise_server	10.0-sp1	10.0-sp1.x
novell / suse_linux_enterprise_desktop	10.0-sp1	10.0-sp1.x
opensuse / opensuse	10.3	11.0.x
canonical / ubuntu_linux	6.06	6.06.x
canonical / ubuntu_linux	7.04	7.04.x
canonical / ubuntu_linux	7.10	7.10.x
canonical / ubuntu_linux	8.04	8.04.x

Vulnerability Database

300,214

CVE-2008-2931

Deep Security Visibility Without the Complexity