CVE-2015-1328 (retired)

Priority
Description
The overlayfs implementation in the linux (aka Linux kernel) package before
3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions
for file creation in the upper filesystem directory, which allows local
users to obtain root access by leveraging a configuration in which
overlayfs is permitted in an arbitrary mount namespace.
Ubuntu-Description
Philip Pettersson discovered a privilege escalation when using overlayfs
mounts inside of user namespaces. A local user could exploit this flaw to
gain administrative privileges on the system.
Notes
tyhicks: This CVE is specific to Ubuntu since Ubuntu allows overlayfs mounts
inside of user namespaces
jdstrand: android kernels (flo, goldfish, grouper, maguro, mako and manta) are
not supported on the Ubuntu Touch 14.10 and earlier preview kernels
linux-lts-saucy no longer receives official support
linux-lts-quantal no longer receives official support
Package
Source: linux
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Patches:
Introduced by
local-2015-1328-break
Fixed by
local-2015-1328-fix
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Product
linux-krillin:not-affected
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Patches:
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
This package is not directly supported by the Ubuntu Security Team
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Package
Upstream:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Product
linux-vegetahd:not-affected
More Information

Updated: 2019-10-09 07:52:18 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)