CVE-2015-2925

Name: CVE-2015-2925
Creator: NVD / NIST
Published: 2015-11-16T11:59:00.117+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.25%

Last modified Jun 17, 2026

CVE-2015-2925 is a vulnerability of currently unknown severity. The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack.". EPSS estimates a 1.25% chance of exploitation in the next 30 days.

Description

The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."

Metrics

EPSS Probability

1.25%

65.5th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	< 3.2.72
Linux	Linux Kernel	>= 3.3, < 3.4.110
Linux	Linux Kernel	>= 3.5, < 3.10.91
Linux	Linux Kernel	>= 3.11, < 3.12.49
Linux	Linux Kernel	>= 3.13, < 3.14.55
Linux	Linux Kernel	>= 3.15, < 3.16.35
Linux	Linux Kernel	>= 3.17, < 3.18.23
Linux	Linux Kernel	>= 3.19, < 4.1.11
Linux	Linux Kernel	>= 4.2, < 4.2.4
Debian	Debian Linux	7.0
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	12.04
Canonical	Ubuntu Linux	14.04
Canonical	Ubuntu Linux	15.04

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.htmlMailing List, Third Party Advisory
http://permalink.gmane.org/gmane.linux.kernel.containers/29173Broken Link
http://permalink.gmane.org/gmane.linux.kernel.containers/29177Broken Link
http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f22&id=520b64102de2f184036024b2a53de2b67463bd78Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2636.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0068.htmlThird Party Advisory
http://www.debian.org/security/2015/dsa-3364Third Party Advisory
http://www.debian.org/security/2015/dsa-3372Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/04/04/4Mailing List, Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlThird Party Advisory
http://www.securityfocus.com/bid/73926Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-2792-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2794-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2795-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2798-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2799-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1209367Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1209373Issue Tracking, Third Party Advisory
https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37Third Party Advisory
https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=397d425dc26da728396e66d392d5dcb8dac30c37Third Party Advisory
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cde93be45a8a90d8c264c776fab63487b5038a65Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00007.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00009.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00017.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00018.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00019.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00020.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00021.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00022.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00034.htmlMailing List, Third Party Advisory
http://permalink.gmane.org/gmane.linux.kernel.containers/29173Broken Link
http://permalink.gmane.org/gmane.linux.kernel.containers/29177Broken Link
http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f22&id=520b64102de2f184036024b2a53de2b67463bd78Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2636.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-0068.htmlThird Party Advisory
http://www.debian.org/security/2015/dsa-3364Third Party Advisory
http://www.debian.org/security/2015/dsa-3372Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.2.4Vendor Advisory
http://www.openwall.com/lists/oss-security/2015/04/04/4Mailing List, Third Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.htmlThird Party Advisory
http://www.securityfocus.com/bid/73926Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-2792-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2794-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2795-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2798-1Third Party Advisory
http://www.ubuntu.com/usn/USN-2799-1Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1209367Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1209373Issue Tracking, Third Party Advisory
https://github.com/torvalds/linux/commit/397d425dc26da728396e66d392d5dcb8dac30c37Third Party Advisory
https://github.com/torvalds/linux/commit/cde93be45a8a90d8c264c776fab63487b5038a65Third Party Advisory

Timeline

Published: Nov 16, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-2925?

How severe is CVE-2015-2925?

Severity scoring for CVE-2015-2925 is pending analysis. The EPSS model estimates a 1.25% probability of exploitation in the next 30 days.

How do I fix CVE-2015-2925?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-2925?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST