PT-2015-5979 · Linux+5 · Linux Kernel+5

Prasad Pandit

·

Publicado

2015-04-06

·

Atualizado

2025-09-29

·

CVE-2015-2925

CVSS v2.0

6.9

Média

VetorAV:L/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.2.4
Description The issue allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack." This occurs because the prepend path function in fs/dcache.c does not properly handle rename actions inside a bind mount.
Recommendations For Linux kernel versions prior to 4.2.4, update to version 4.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the rename functionality inside bind mounts to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Identificadores relacionados

ALSA-2025_16880
ALT-PU-2015-1532
ALT-PU-2015-1924
ALT-PU-2016-1485
CESA-2015_2152
CESA-2015_2636
CVE-2015-2925
DLA-325-1
DSA-3364-1
DSA-3372-1
ELSA-2015-2152
ELSA-2015-2636
ELSA-2016-3501
OPENSUSE-SU-2015_1842-1
OPENSUSE-SU-2016_0301-1
RHSA-2015:2152
RHSA-2015:2411
RHSA-2015:2587
RHSA-2015:2636
RHSA-2015_2152
RHSA-2015_2411
RHSA-2015_2636
RHSA-2016:0068
SUSE-SU-2015:2194-1
SUSE-SU-2015:2292-1
SUSE-SU-2015_2194-1
SUSE-SU-2015_2292-1
SUSE-SU-2016:0335-1
SUSE-SU-2016:0337-1
SUSE-SU-2016:0380-1
SUSE-SU-2016:0381-1
SUSE-SU-2016:0383-1
SUSE-SU-2016:0384-1
SUSE-SU-2016:0386-1
SUSE-SU-2016:0387-1
SUSE-SU-2016:0434-1
USN-2792-1
USN-2794-1
USN-2795-1
USN-2796-1
USN-2797-1
USN-2798-1
USN-2799-1

Produtos afetados

Alt Linux
Centos
Linux Kernel
Red Hat
Suse
Ubuntu