CME-702
Linux Namespaces (User, PID, Network, Mount)
Description
Kernel namespaces give each process group its own view of selected system resources. A PID namespace hides host processes (and host PIDs) from the group, a mount namespace gives it a private mount table, a network namespace gives it a separate network stack (interfaces, routes, sockets, firewall state), and a user namespace remaps UIDs and GIDs so that UID 0 inside the namespace is an unprivileged UID on the host. Namespaces only change what a process can see and name; they do not restrict kernel operations by themselves, so capabilities, seccomp and cgroups remain separate controls, and a process that is still in the host's user namespace keeps host root when it runs as UID 0.
CVSS Vector Impacts
| Metric | Transition | Rationale |
|---|---|---|
| Scope (S) | C → U | A vulnerability in the namespaced process reaches only resources visible inside its own PID, mount and network namespaces; affecting host resources requires a separate namespace escape |
| Privileges Required (PR) | L → H | With a user namespace, UID 0 inside the namespace maps to an unprivileged host UID, so root in the namespace does not grant host root; without a user namespace, UID 0 inside is host UID 0 and this transition does not apply |
CWE Relationships
Verification
Check process namespace isolation
$ ls -la /proc/<pid>/ns/
# Expected: user, mnt, pid and net entries, each a symlink of the form user:[<inode>]
$ readlink /proc/<pid>/ns/user /proc/<pid>/ns/mnt /proc/<pid>/ns/pid /proc/<pid>/ns/net
$ readlink /proc/1/ns/user /proc/1/ns/mnt /proc/1/ns/pid /proc/1/ns/net
# Expected: the inode numbers for <pid> differ from those of PID 1 for every namespace the control is meant to provide (run from the host; inside the container PID 1 is the container's own init and the comparison is meaningless)
$ cat /proc/<pid>/uid_map
# Expected: a line whose first field is 0 and whose second field is a non-zero host UID (e.g. "0 100000 65536"); "0 0 4294967295" means UID 0 is not remapped
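The verification steps above can be scripted so the namespace identifiers of a target process are compared against a reference process (normally PID 1 on the host) and its uid_map is parsed for the host UID behind inside-UID 0. The script below is an added example, not part of the CME-702 entry; it assumes the Linux /proc layout (/proc/<pid>/ns/<type> symlinks and /proc/<pid>/uid_map) and takes /proc/<pid>-style directories as parameters so the same functions can be run against a live process or against constructed copies of those files. The function and file names are the example's own.

```shell
#!/bin/sh
# Added example for the CME-702 verification step; it is not part of the
# original entry. Assumes the Linux /proc layout (/proc/<pid>/ns/<type>
# symlinks and /proc/<pid>/uid_map). The functions take /proc/<pid>-style
# directories as parameters so they can be run against a live process from
# the host or against constructed copies for testing.

NS_TYPES="user mnt pid net"

# ns_id DIR TYPE: print the namespace identifier, e.g. "user:[4026531837]",
# or "unknown" when the entry cannot be read (no permission, not Linux).
ns_id() {
    readlink "$1/ns/$2" 2>/dev/null || printf 'unknown\n'
}

# isolated_namespaces REF_DIR TARGET_DIR: print, space-separated, the types
# from NS_TYPES whose identifier in TARGET differs from the one in REF.
# An empty line means TARGET shares every checked namespace with REF.
isolated_namespaces() {
    iso_out=""
    for iso_t in $NS_TYPES; do
        if [ "$(ns_id "$1" "$iso_t")" != "$(ns_id "$2" "$iso_t")" ]; then
            iso_out="${iso_out}${iso_t} "
        fi
    done
    printf '%s\n' "${iso_out% }"
}

# uid0_host_uid UID_MAP_FILE: parse a uid_map ("inside outside count" per
# line) and print the host UID that inside-UID 0 maps to. "0" means root in
# the namespace is host root (no user namespace, or an identity map);
# "unmapped" means no range covers UID 0; "unknown" means the file is unreadable.
uid0_host_uid() {
    [ -r "$1" ] || { printf 'unknown\n'; return 0; }
    while read -r um_inside um_outside um_count; do
        [ -n "$um_inside" ] || continue
        if [ "$um_inside" -eq 0 ] && [ "$um_count" -ge 1 ]; then
            printf '%s\n' "$um_outside"
            return 0
        fi
    done < "$1"
    printf 'unmapped\n'
}

# namespace_report TARGET_PID [REF_PID]: human-readable summary. Run from the
# host with REF_PID defaulting to 1 (host init); inside a container PID 1 is
# the container's own init, so every namespace would look shared.
namespace_report() {
    ns_target="/proc/$1"
    ns_ref="/proc/${2:-1}"
    ns_iso="$(isolated_namespaces "$ns_ref" "$ns_target")"
    printf 'pid %s vs pid %s: isolated namespaces: %s\n' \
        "$1" "${2:-1}" "${ns_iso:-none}"
    printf 'pid %s: UID 0 inside maps to host UID %s\n' \
        "$1" "$(uid0_host_uid "$ns_target/uid_map")"
}

# Usage (from the host): sh namespace_check.sh <pid> [<reference pid>]
if [ $# -gt 0 ]; then
    namespace_report "$@"
fi
```

A process that reports all four namespaces isolated but a host UID of 0 for inside-UID 0 is the common "root in the container is root on the host" configuration: the user namespace is either absent or identity-mapped, and the PR transition in the table above does not apply to it.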
Platform: linux