CVE-2015-2925

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
VMScore: 614
Published: 16/11/2015 | Updated: 05/01/2018

Vulnerability Summary

The prepend_path function in fs/dcache.c in the Linux kernel prior to 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."

Vulnerable Products

linux (vendor): linux kernel (product)

Vendor Advisories

Debian Bug report logs - #796036 linux-image-3.16.0-4-amd64: concurrent msync triggers NULL pointer dereference. Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@lists.debian.org>; Reported by: Xavier Chantry <xavierchantry@intersec.com>; Date: Tue, 18 Aug 2015 18:09:01 UTC; Severity: i ...
Synopsis: Important: kernel security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red H ...
Synopsis: Important: kernel security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix three security issues, several bugs, and one enhancement are now available for Red Hat Enterprise Linux 7.1 Extended Update Support. Red Hat Product Security ha ...
Synopsis: Important: kernel-rt security, bug fix, and enhancement update. Type/Severity: Security Advisory: Important. Topic: Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service, unauthorised information disclosure or unauthorised information modification. CVE-2015-2925: Jann Horn discovered that when a subdirectory of a filesystem was bind-mounted into a chroot or mount namespace, a user that ...
A race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c (CVE-2015-7613). Linux kernels built with the name spaces support (CONFIG_NAMESPACE) is vulnera ...
Several security issues were fixed in the kernel ...

GitHub Repositories

Docker + CVE-2015-2925 = escaping from --volume

A recent vulnerability in Linux, known for about half a year (several months publicly), made it possible to escape from bind mounts. In particular, in the case of Docker it's possible to escape from inside the directory mounted via the --volume option to the appropriate host's filesystem. Docker Security Team is already aware of ...

References

CWE-254
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65
https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37
https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65
http://www.openwall.com/lists/oss-security/2015/04/04/4
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4
https://bugzilla.redhat.com/show_bug.cgi?id=1209367
http://permalink.gmane.org/gmane.linux.kernel.containers/29173
http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f22&id=520b64102de2f184036024b2a53de2b67463bd78
https://bugzilla.redhat.com/show_bug.cgi?id=1209373
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37
http://permalink.gmane.org/gmane.linux.kernel.containers/29177
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/73926
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html
http://www.ubuntu.com/usn/USN-2794-1
http://www.ubuntu.com/usn/USN-2799-1
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
http://rhn.redhat.com/errata/RHSA-2015-2636.html
http://www.ubuntu.com/usn/USN-2792-1
http://www.ubuntu.com/usn/USN-2795-1
http://www.ubuntu.com/usn/USN-2798-1
http://www.debian.org/security/2015/dsa-3372
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html
http://www.debian.org/security/2015/dsa-3364
http://rhn.redhat.com/errata/RHSA-2016-0068.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796036
https://nvd.nist.gov
https://github.com/Kagami/docker_cve-2015-2925
https://www.debian.org/security/./dsa-3372
https://usn.ubuntu.com/2794-1/