PT-2015-6249 · Docker+2 · Docker Engine+3

Tõnis Tiigi · Published 2015-05-08 · Updated 2025-10-11

CVE-2015-3629

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Docker Engine using Libcontainer version 1.6.0

Description

The issue allows local users to escape containerization and write to arbitrary files on the host system via a symlink attack in an image when respawning a container. This is due to a "mount namespace breakout" in Libcontainer.

Recommendations

For Docker Engine using Libcontainer version 1.6.0, consider restricting access to the container respawning functionality until a patch is available. As a temporary workaround, avoid using images that may be used for symlink attacks.

Fix

Weakness Enumeration

Link Following

Related Identifiers

ALT-PU-2015-1429
CVE-2015-3629
GHSA-G44J-7VP3-68CV
GO-2022-0647
OPENSUSE-SU-2024:10532-1
OPENSUSE-SU-2025:15589-1
SUSE-SU-2015:0984-1
SUSE-SU-2025:03540-1
SUSE-SU-2025:03545-1

Affected Products

Alt Linux
Docker Engine
Libcontainer
Suse