Unrated severityNVD Advisory· Published Nov 16, 2015· Updated May 6, 2026

CVE-2015-2925

Description

The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."

Affected products

Canonical/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Range: <3.2.72
osv-coords42 versions
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012 pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP1 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1 pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012 pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1 pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1 pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012 pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_0&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012 pkg:rpm/suse/kgraft-patch-SLE12-SP1_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012 pkg:rpm/suse/kgraft-patch-SLE12_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012 pkg:rpm/suse/kgraft-patch-SLE12_Update_2&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012 pkg:rpm/suse/kgraft-patch-SLE12_Update_3&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012 pkg:rpm/suse/kgraft-patch-SLE12_Update_4&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012 pkg:rpm/suse/kgraft-patch-SLE12_Update_5&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012 pkg:rpm/suse/kgraft-patch-SLE12_Update_6&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012 pkg:rpm/suse/kgraft-patch-SLE12_Update_7&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012 pkg:rpm/suse/kgraft-patch-SLE12_Update_8&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012 pkg:rpm/suse/kgraft-patch-SLE12_Update_9&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012
< 3.12.51-52.31.1+ 41 more
- (no CPE)range: < 3.12.51-52.31.1
- (no CPE)range: < 3.12.51-60.20.2
- (no CPE)range: < 3.12.51-52.31.1
- (no CPE)range: < 3.12.51-60.20.2
- (no CPE)range: < 3.12.51-52.31.1
- (no CPE)range: < 3.12.51-60.20.2
- (no CPE)range: < 3.12.51-52.31.1
- (no CPE)range: < 3.12.51-60.20.2
- (no CPE)range: < 3.12.51-52.31.5
- (no CPE)range: < 3.12.51-60.20.2
- (no CPE)range: < 3.12.51-52.31.1
- (no CPE)range: < 3.12.51-52.31.1
- (no CPE)range: < 3.12.51-60.20.1
- (no CPE)range: < 3.12.51-52.31.1
- (no CPE)range: < 3.12.51-60.20.2
- (no CPE)range: < 3.12.51-52.31.1
- (no CPE)range: < 3.12.51-60.20.2
- (no CPE)range: < 3.12.51-52.31.1
- (no CPE)range: < 3.12.51-60.20.2
- (no CPE)range: < 3.12.51-52.31.1
- (no CPE)range: < 3.12.51-60.20.2
- (no CPE)range: < 3.12.51-52.31.1
- (no CPE)range: < 3.12.51-60.20.2
- (no CPE)range: < 3.12.51-52.31.1
- (no CPE)range: < 3.12.51-60.20.2
- (no CPE)range: < 3.12.51-52.31.1
- (no CPE)range: < 3.12.51-60.20.2
- (no CPE)range: < 3.12.51-52.31.1
- (no CPE)range: < 3.12.51-60.20.2
- (no CPE)range: < 3.12.51-52.31.1
- (no CPE)range: < 3.12.51-60.20.2
- (no CPE)range: < 2-5.1
- (no CPE)range: < 1-4.1
- (no CPE)range: < 5-2.1
- (no CPE)range: < 5-2.1
- (no CPE)range: < 4-2.1
- (no CPE)range: < 4-2.1
- (no CPE)range: < 4-2.1
- (no CPE)range: < 3-2.1
- (no CPE)range: < 3-2.1
- (no CPE)range: < 2-2.1
- (no CPE)range: < 1-2.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdThird Party Advisory
git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/nvdThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.htmlnvdMailing ListThird Party Advisory
pkgs.fedoraproject.org/cgit/kernel.git/commit/nvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2015-2636.htmlnvdThird Party Advisory
rhn.redhat.com/errata/RHSA-2016-0068.htmlnvdThird Party Advisory
www.debian.org/security/2015/dsa-3364nvdThird Party Advisory
www.debian.org/security/2015/dsa-3372nvdThird Party Advisory
www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4nvdVendor Advisory
www.openwall.com/lists/oss-security/2015/04/04/4nvdMailing ListThird Party Advisory
www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlnvdThird Party Advisory
www.securityfocus.com/bid/73926nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2792-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-2794-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-2795-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-2798-1nvdThird Party Advisory
www.ubuntu.com/usn/USN-2799-1nvdThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37nvdThird Party Advisory
github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65nvdThird Party Advisory
permalink.gmane.org/gmane.linux.kernel.containers/29173nvdBroken Link
permalink.gmane.org/gmane.linux.kernel.containers/29177nvdBroken Link

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000