cve 2025 68736

About this tag
CVE-2025-68736 is a Linux kernel vulnerability that affects the Landlock security module, specifically its handling of disconnected directories. Landlock is a Linux Security Module (LSM) that allows unprivileged processes to define filesystem access policies. The bug occurs when a process interacts with a directory that has become disconnected from its bind-mount point, potentially allowing access-right widening. The fix, titled "landlock: Fix handling of disconnected directories," prevents this unintended privilege escalation. This issue is relevant for Linux system administrators and security professionals who rely on Landlock for sandboxing and need to ensure their kernels are patched against this vulnerability.
  1. CVE-2025-68736: Landlock Disconnected Directory Fix in Linux Kernel

    The Linux kernel CVE-2025-68736 addresses a subtle Landlock sandboxing bug: landlock: Fix handling of disconnected directories, a behavior change intended to prevent access-right widening when processes interact with files or directories that have become disconnected from a bind-mount point...