The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.html
http://permalink.gmane.org/gmane.linux.kernel.containers/29173
http://permalink.gmane.org/gmane.linux.kernel.containers/29177
http://rhn.redhat.com/errata/RHSA-2015-2636.html
http://rhn.redhat.com/errata/RHSA-2016-0068.html
http://www.debian.org/security/2015/dsa-3364
http://www.debian.org/security/2015/dsa-3372
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4
http://www.openwall.com/lists/oss-security/2015/04/04/4
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
http://www.securityfocus.com/bid/73926
http://www.ubuntu.com/usn/USN-2792-1
http://www.ubuntu.com/usn/USN-2794-1
http://www.ubuntu.com/usn/USN-2795-1
http://www.ubuntu.com/usn/USN-2798-1
http://www.ubuntu.com/usn/USN-2799-1
https://bugzilla.redhat.com/show_bug.cgi?id=1209367
https://bugzilla.redhat.com/show_bug.cgi?id=1209373
https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37
https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65
OR
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions up to 4.2.3 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
124977 | EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1524) | Nessus | Huawei Local Security Checks | high |
124811 | EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1487) | Nessus | Huawei Local Security Checks | high |
99781 | EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1018) | Nessus | Huawei Local Security Checks | medium |
89435 | Fedora 22 : kernel-4.1.10-200.fc22 (2015-dcc260f2f2) | Nessus | Fedora Local Security Checks | medium |
89427 | Fedora 21 : kernel-4.1.10-100.fc21 (2015-d7e074ba30) | Nessus | Fedora Local Security Checks | medium |
89222 | Fedora 23 : kernel-4.2.3-300.fc23 (2015-43145298f4) | Nessus | Fedora Local Security Checks | medium |
88572 | RHEL 7 : kernel (RHSA-2015:2587) | Nessus | Red Hat Local Security Checks | medium |
88571 | RHEL 7 : kernel-rt (RHSA-2015:2411) | Nessus | Red Hat Local Security Checks | medium |
88545 | openSUSE Security Update : the Linux Kernel (openSUSE-2016-124) | Nessus | SuSE Local Security Checks | critical |
88405 | RHEL 6 : MRG (RHSA-2016:0068) | Nessus | Red Hat Local Security Checks | high |
87905 | F5 Networks BIG-IP : Linux kernel vulnerabilities (K31026324) | Nessus | F5 Networks Local Security Checks | medium |
87559 | Scientific Linux Security Update : kernel on SL7.x x86_64 (20151119) | Nessus | Scientific Linux Local Security Checks | medium |
87495 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:2292-1) | Nessus | SuSE Local Security Checks | medium |
87403 | Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20151215) | Nessus | Scientific Linux Local Security Checks | medium |
87398 | RHEL 6 : kernel (RHSA-2015:2636) | Nessus | Red Hat Local Security Checks | medium |
87396 | Oracle Linux 6 : kernel (ELSA-2015-2636) | Nessus | Oracle Linux Local Security Checks | medium |
87381 | CentOS 6 : kernel (CESA-2015:2636) | Nessus | CentOS Local Security Checks | medium |
87214 | SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:2194-1) | Nessus | SuSE Local Security Checks | medium |
87135 | CentOS 7 : kernel (CESA-2015:2152) | Nessus | CentOS Local Security Checks | high |
87090 | Oracle Linux 7 : kernel (ELSA-2015-2152) | Nessus | Oracle Linux Local Security Checks | high |
86972 | RHEL 7 : kernel (RHSA-2015:2152) | Nessus | Red Hat Local Security Checks | high |
86789 | Ubuntu 15.04 : linux vulnerabilities (USN-2799-1) | Nessus | Ubuntu Local Security Checks | medium |
86788 | Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-2798-1) | Nessus | Ubuntu Local Security Checks | medium |
86787 | Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2797-1) | Nessus | Ubuntu Local Security Checks | medium |
86786 | Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2795-1) | Nessus | Ubuntu Local Security Checks | medium |
86785 | Ubuntu 14.04 LTS : linux vulnerabilities (USN-2794-1) | Nessus | Ubuntu Local Security Checks | medium |
86783 | Ubuntu 12.04 LTS : linux vulnerabilities (USN-2792-1) | Nessus | Ubuntu Local Security Checks | medium |
86668 | openSUSE Security Update : the Linux Kernel (openSUSE-2015-686) | Nessus | SuSE Local Security Checks | high |
86634 | Amazon Linux AMI : kernel (ALAS-2015-603) | Nessus | Amazon Linux Local Security Checks | critical |
86375 | Debian DSA-3372-1 : linux - security update | Nessus | Debian Local Security Checks | medium |
86357 | Debian DLA-325-1 : linux-2.6 security update | Nessus | Debian Local Security Checks | medium |
86050 | Debian DSA-3364-1 : linux - security update | Nessus | Debian Local Security Checks | medium |