{
  "threat_severity" : "Important",
  "public_date" : "2015-04-03T00:00:00Z",
  "bugzilla" : {
    "description" : "Kernel: vfs: Do not allow escaping from bind mounts",
    "id" : "1209367",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1209367"
  },
  "cvss" : {
    "cvss_base_score" : "6.0",
    "cvss_scoring_vector" : "AV:L/AC:H/Au:S/C:C/I:C/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-22",
  "details" : [ "The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a \"double-chroot attack.\"", "A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system." ],
  "statement" : "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise Linux 5.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 6 and 7 and Red Hat Enterprise MRG 2. Future kernel updates for the respective releases may address this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2015-12-15T00:00:00Z",
    "advisory" : "RHSA-2015:2636",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "kernel-0:2.6.32-573.12.1.el6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-11-19T00:00:00Z",
    "advisory" : "RHSA-2015:2411",
    "cpe" : "cpe:/a:redhat:rhel_extras_rt:7",
    "package" : "kernel-rt-0:3.10.0-327.rt56.204.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2015-11-19T00:00:00Z",
    "advisory" : "RHSA-2015:2152",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "kernel-0:3.10.0-327.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.1 Extended Update Support",
    "release_date" : "2015-12-09T00:00:00Z",
    "advisory" : "RHSA-2015:2587",
    "cpe" : "cpe:/o:redhat:rhel_eus:7.1",
    "package" : "kernel-0:3.10.0-229.24.2.ael7b"
  }, {
    "product_name" : "Red Hat Enterprise MRG 2",
    "release_date" : "2016-01-26T00:00:00Z",
    "advisory" : "RHSA-2016:0068",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:2:server:el6",
    "package" : "kernel-rt-1:3.10.0-327.rt56.170.el6rt"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2015-2925\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-2925" ],
  "name" : "CVE-2015-2925",
  "csaw" : false
}