PT-2015-5979 · Linux+5 · Linux Kernel+5

Prasad Pandit

Published

2015-04-06

Updated

2025-09-29

CVE-2015-2925

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.2.4

Description The issue allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack." This occurs because the prepend path function in fs/dcache.c does not properly handle rename actions inside a bind mount.

Recommendations For Linux kernel versions prior to 4.2.4, update to version 4.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the rename functionality inside bind mounts to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

ALSA-2025_16880

ALT-PU-2015-1532

ALT-PU-2015-1924

ALT-PU-2016-1485

CESA-2015_2152

CESA-2015_2636

CVE-2015-2925

DLA-325-1

DSA-3364-1

DSA-3372-1

ELSA-2015-2152

ELSA-2015-2636

ELSA-2016-3501

OPENSUSE-SU-2015_1842-1

OPENSUSE-SU-2016_0301-1

RHSA-2015:2152

RHSA-2015:2411

RHSA-2015:2587

RHSA-2015:2636

RHSA-2015_2152

RHSA-2015_2411

RHSA-2015_2636

RHSA-2016:0068

SUSE-SU-2015:2194-1

SUSE-SU-2015:2292-1

SUSE-SU-2015_2194-1

SUSE-SU-2015_2292-1

SUSE-SU-2016:0335-1

SUSE-SU-2016:0337-1

SUSE-SU-2016:0380-1

SUSE-SU-2016:0381-1

SUSE-SU-2016:0383-1

SUSE-SU-2016:0384-1

SUSE-SU-2016:0386-1

SUSE-SU-2016:0387-1

SUSE-SU-2016:0434-1

USN-2792-1

USN-2794-1

USN-2795-1

USN-2796-1

USN-2797-1

USN-2798-1

USN-2799-1

Affected Products

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

Ubuntu

PT-2015-5979 · Linux+5 · Linux Kernel+5

CVE-2015-2925

Related Identifiers

Affected Products

References · 185