CVE-2015-2925

The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37	Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html	Mailing List Third Party Advisory
http://permalink.gmane.org/gmane.linux.kernel.containers/29173	Broken Link
http://permalink.gmane.org/gmane.linux.kernel.containers/29177	Broken Link
http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f22&id=520b64102de2f184036024b2a53de2b67463bd78	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2636.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0068.html	Third Party Advisory
http://www.debian.org/security/2015/dsa-3364	Third Party Advisory
http://www.debian.org/security/2015/dsa-3372	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4	Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/04/04/4	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	Third Party Advisory
http://www.securityfocus.com/bid/73926	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2792-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-2794-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-2795-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-2798-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-2799-1	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1209367	Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1209373	Issue Tracking Third Party Advisory
https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37	Third Party Advisory
https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65	Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37	Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html	Mailing List Third Party Advisory
http://permalink.gmane.org/gmane.linux.kernel.containers/29173	Broken Link
http://permalink.gmane.org/gmane.linux.kernel.containers/29177	Broken Link
http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f22&id=520b64102de2f184036024b2a53de2b67463bd78	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2636.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0068.html	Third Party Advisory
http://www.debian.org/security/2015/dsa-3364	Third Party Advisory
http://www.debian.org/security/2015/dsa-3372	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4	Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/04/04/4	Mailing List Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html	Third Party Advisory
http://www.securityfocus.com/bid/73926	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2792-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-2794-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-2795-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-2798-1	Third Party Advisory
http://www.ubuntu.com/usn/USN-2799-1	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1209367	Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1209373	Issue Tracking Third Party Advisory
https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37	Third Party Advisory
https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
	cpe:2.3:o:canonical:ubuntu_linux:15.04:::::::*

History

21 Nov 2024, 02:28

17 Jul 2024, 15:29

Information

Published : 2015-11-16 11:59

Updated : 2024-11-21 02:28

NVD link : CVE-2015-2925

Mitre link : CVE-2015-2925

CVE.ORG link : CVE-2015-2925

JSON object : View

Products Affected

debian

debian_linux

linux

linux_kernel

canonical

ubuntu_linux

CWE

NVD-CWE-Other

6.9 /10