CVE-2015-2925

Medium CVSS 6.9

Overview

The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."

CWE: N/A Published: 2015-11-16T11:59:00.117

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.9 (MEDIUM)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags