[kernel-sec-discuss] r3735 - active
Ben Hutchings
benh at moszumanska.debian.org
Sun Apr 12 19:12:20 UTC 2015
Author: benh
Date: 2015-04-12 19:12:20 +0000 (Sun, 12 Apr 2015)
New Revision: 3735
Added:
active/CVE-2015-2925
Log:
Add CVE-2015-2925
Added: active/CVE-2015-2925
===================================================================
--- active/CVE-2015-2925 (rev 0)
+++ active/CVE-2015-2925 2015-04-12 19:12:20 UTC (rev 3735)
@@ -0,0 +1,17 @@
+Description: Escape from sub-tree of bind-mounts
+References:
+ http://thread.gmane.org/gmane.linux.kernel.containers/28939/
+ https://marc.info/?l=oss-security&m=142805871412239&w=2
+Notes:
+ bwh> I was unable to reproduce using the instructions on oss-security
+ bwh> so I'm not clear exactly what goes wrong. However this appears
+ bwh> to be dependent on having CAP_SYS_ADMIN in a user namespace (to
+ bwh> change therefore not relevant to older kernel versions.
+Bugs:
+upstream: needed
+2.6.32-upstream-stable: N/A "user namespaces known broken before 3.5"
+sid: needed
+3.2-wheezy-security: N/A "user namespaces known broken before 3.5"
+2.6.32-squeeze-security: N/A "user namespaces known broken before 3.5"
+3.16-upstream-stable: needed
+3.2-upstream-stable: N/A "user namespaces known broken before 3.5"
More information about the kernel-sec-discuss
mailing list