CVE-2015-2925

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-2925
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."

6.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37 Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65 Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html Mailing List Third Party Advisory
http://permalink.gmane.org/gmane.linux.kernel.containers/29173 Broken Link
http://permalink.gmane.org/gmane.linux.kernel.containers/29177 Broken Link
http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f22&id=520b64102de2f184036024b2a53de2b67463bd78 Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2636.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0068.html Third Party Advisory
http://www.debian.org/security/2015/dsa-3364 Third Party Advisory
http://www.debian.org/security/2015/dsa-3372 Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4 Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/04/04/4 Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html Third Party Advisory
http://www.securityfocus.com/bid/73926 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2792-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2794-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2795-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2798-1 Third Party Advisory
http://www.ubuntu.com/usn/USN-2799-1 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1209367 Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1209373 Issue Tracking Third Party Advisory
https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37 Third Party Advisory
https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
History

17 Jul 2024, 15:29

Type Values Removed Values Added
References () http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37 - () http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37 - Third Party Advisory
References () http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65 - Vendor Advisory () http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65 - Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html - () http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html - () http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html - () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html - () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html - () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html - () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html - () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html - () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html - () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html - () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html - Mailing List, Third Party Advisory
References () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html - () http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html - Mailing List, Third Party Advisory
References () http://permalink.gmane.org/gmane.linux.kernel.containers/29173 - () http://permalink.gmane.org/gmane.linux.kernel.containers/29173 - Broken Link
References () http://permalink.gmane.org/gmane.linux.kernel.containers/29177 - () http://permalink.gmane.org/gmane.linux.kernel.containers/29177 - Broken Link
References () http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f22&id=520b64102de2f184036024b2a53de2b67463bd78 - () http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f22&id=520b64102de2f184036024b2a53de2b67463bd78 - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2015-2636.html - () http://rhn.redhat.com/errata/RHSA-2015-2636.html - Third Party Advisory
References () http://rhn.redhat.com/errata/RHSA-2016-0068.html - () http://rhn.redhat.com/errata/RHSA-2016-0068.html - Third Party Advisory
References () http://www.debian.org/security/2015/dsa-3364 - () http://www.debian.org/security/2015/dsa-3364 - Third Party Advisory
References () http://www.debian.org/security/2015/dsa-3372 - () http://www.debian.org/security/2015/dsa-3372 - Third Party Advisory
References () http://www.openwall.com/lists/oss-security/2015/04/04/4 - () http://www.openwall.com/lists/oss-security/2015/04/04/4 - Mailing List, Third Party Advisory
References () http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html - () http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html - Third Party Advisory
References () http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html - () http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html - Third Party Advisory
References () http://www.securityfocus.com/bid/73926 - () http://www.securityfocus.com/bid/73926 - Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/USN-2792-1 - () http://www.ubuntu.com/usn/USN-2792-1 - Third Party Advisory
References () http://www.ubuntu.com/usn/USN-2794-1 - () http://www.ubuntu.com/usn/USN-2794-1 - Third Party Advisory
References () http://www.ubuntu.com/usn/USN-2795-1 - () http://www.ubuntu.com/usn/USN-2795-1 - Third Party Advisory
References () http://www.ubuntu.com/usn/USN-2798-1 - () http://www.ubuntu.com/usn/USN-2798-1 - Third Party Advisory
References () http://www.ubuntu.com/usn/USN-2799-1 - () http://www.ubuntu.com/usn/USN-2799-1 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=1209367 - () https://bugzilla.redhat.com/show_bug.cgi?id=1209367 - Issue Tracking, Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=1209373 - () https://bugzilla.redhat.com/show_bug.cgi?id=1209373 - Issue Tracking, Third Party Advisory
References () https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37 - Vendor Advisory () https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37 - Third Party Advisory
References () https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65 - Vendor Advisory () https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65 - Third Party Advisory
CPE cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
First Time Canonical
Debian debian Linux
Debian
Canonical ubuntu Linux
CWE CWE-254 NVD-CWE-Other
Information

Published : 2015-11-16 11:59

Updated : 2024-07-17 15:29

NVD link : CVE-2015-2925

Mitre link : CVE-2015-2925

CVE.ORG link : CVE-2015-2925

JSON object : View

Products Affected

canonical

  • ubuntu_linux

debian

  • debian_linux

linux

  • linux_kernel
CWE
NVD-CWE-Other