6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
10.1%
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4
does not properly handle rename actions inside a bind mount, which allows
local users to bypass an intended container protection mechanism by
renaming a directory, related to a “double-chroot attack.”
Author | Note |
---|---|
jdstrand | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support |
kamal | See gmane-151103 article for more backport discussion, specifically that Eric B.'s backport eliminates the requirement for this patch: 70291ae namei: lift (open-coded) terminate_walk() in follow_dotdot_rcu() into callers |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 12.04 | noarch | linux | < 3.2.0-93.133 | UNKNOWN |
ubuntu | 14.04 | noarch | linux | < 3.13.0-67.110 | UNKNOWN |
ubuntu | 15.04 | noarch | linux | < 3.19.0-32.37 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-armadaxp | < 3.2.0-1659.83 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-lts-trusty | < 3.13.0-67.110~precise1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-utopic | < 3.16.0-52.71~14.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-lts-vivid | < 3.19.0-32.37~14.04.1 | UNKNOWN |
ubuntu | 12.04 | noarch | linux-ti-omap4 | < 3.2.0-1473.95 | UNKNOWN |
article.gmane.org/gmane.linux.kernel.stable/151103
permalink.gmane.org/gmane.linux.kernel.containers/29173
permalink.gmane.org/gmane.linux.kernel.containers/29177
launchpad.net/bugs/cve/CVE-2015-2925
nvd.nist.gov/vuln/detail/CVE-2015-2925
security-tracker.debian.org/tracker/CVE-2015-2925
ubuntu.com/security/notices/USN-2792-1
ubuntu.com/security/notices/USN-2794-1
ubuntu.com/security/notices/USN-2795-1
ubuntu.com/security/notices/USN-2796-1
ubuntu.com/security/notices/USN-2797-1
ubuntu.com/security/notices/USN-2798-1
ubuntu.com/security/notices/USN-2799-1
www.cve.org/CVERecord?id=CVE-2015-2925