Описание
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| linux | fixed | 4.2.1-1 | package | |
| linux | fixed | 3.16.7-ckt11-1+deb8u4 | jessie | package |
| linux | fixed | 3.2.68-1+deb7u5 | wheezy | package |
| linux-2.6 | removed | package |
Примечания
http://permalink.gmane.org/gmane.linux.kernel.containers/29173
http://permalink.gmane.org/gmane.linux.kernel.containers/29177
EPSS
Связанные уязвимости
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
ELSA-2016-3501: Unbreakable Enterprise kernel security update (IMPORTANT)
EPSS