CVE-2025-40362 — Insufficient Granularity of Access Control in Linux

CWE-1220 — Insufficient Granularity of Access Control17 documents8 sources

Severity

8.4HIGH

No vector

EPSS

0.2%

top 60.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Debian Linux +1 more

Timeline

PublishedDec 16

Latest updateFeb 24

Description

In the Linux kernel, the following vulnerability has been resolved: ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in applying the mds auth caps of one fs on to the other fs in a multifs ceph cluster. The bug causes multiple issues w.r.t user authentication, following is one such example. Steps to Reproduce (on vstart cluster): 1. Create two file systems in a cluster, say 'fsname1' and 'fs…

Affected Packages6 packages

▶Linuxlinux/linux_kernel6.10.0 — 6.12.58+1

▶Debianlinux/linux_kernel< 6.12.63-1+1

▶Ubuntulinux/linux_kernel< 6.17.0-14.14

▶msrcmsrc/azl3_kernel_6.6.117.1-1_on_azure_linux_3.0

▶CVEListV5linux/linux596afb0b8933ba6ed7227adcc538db26feb25c74 — 07640d34a781bb2e39020a39137073c03c4aa932+3

🔴Vulnerability Details

OSV

linux-azure vulnerabilities↗2026-02-24

▶

OSV

linux-oem-6.17 vulnerabilities↗2026-02-17

▶

OSV

linux-aws, linux-oracle vulnerabilities↗2026-02-17

▶

OSV

linux-gcp vulnerabilities↗2026-02-12

▶

OSV

linux, linux-raspi, linux-realtime vulnerabilities↗2026-02-12

▶

📋Vendor Advisories

Ubuntu

Linux kernel (Azure) vulnerabilities↗2026-02-24

▶

Ubuntu

Linux kernel (OEM) vulnerabilities↗2026-02-17

▶

Ubuntu

Linux kernel (GCP) vulnerabilities↗2026-02-12

▶

Ubuntu

Linux kernel vulnerabilities↗2026-02-12

▶

Red Hat

kernel: Linux kernel (ceph): Incorrect authorization allows privilege escalation in multifs clusters↗2025-12-16

▶

🕵️Threat Intelligence

Wiz

CVE-2025-40362 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶