CVE 2015-1328
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
Related bugs and status
CVE-2015-1328 (Candidate) is related to these bugs:
Bug #1443371: netns: enhance netlink interface for nsid
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1443371 | netns: enhance netlink interface for nsid | linux (Ubuntu) | Medium | Fix Released | ||
1443371 | netns: enhance netlink interface for nsid | linux (Ubuntu Trusty) | Medium | Won't Fix | ||
1443371 | netns: enhance netlink interface for nsid | linux (Ubuntu Precise) | Medium | Won't Fix | ||
1443371 | netns: enhance netlink interface for nsid | linux (Ubuntu Vivid) | Medium | Won't Fix | ||
1443371 | netns: enhance netlink interface for nsid | linux (Ubuntu Utopic) | Medium | Won't Fix | ||
1443371 | netns: enhance netlink interface for nsid | linux (Ubuntu Wily) | Medium | Fix Released |
Bug #1453117: Partitions not recognized because of kernel option CONFIG_ACORN_PARTITION_CUMANA
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1453117 | Partitions not recognized because of kernel option CONFIG_ACORN_PARTITION_CUMANA | linux (Ubuntu) | High | Fix Released | ||
1453117 | Partitions not recognized because of kernel option CONFIG_ACORN_PARTITION_CUMANA | linux (Ubuntu Wily) | High | Fix Released | ||
1453117 | Partitions not recognized because of kernel option CONFIG_ACORN_PARTITION_CUMANA | linux (Ubuntu Vivid) | Undecided | Fix Released |
Bug #1464560: Backport request: include PRD support for OpenPower kernels
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1464560 | Backport request: include PRD support for OpenPower kernels | linux (Ubuntu) | High | Fix Released | ||
1464560 | Backport request: include PRD support for OpenPower kernels | linux (Ubuntu Vivid) | High | Fix Released | ||
1464560 | Backport request: include PRD support for OpenPower kernels | linux (Ubuntu Utopic) | High | Invalid |
Bug #1465400: CVE-2015-1328
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1465400 | CVE-2015-1328 | linux (Ubuntu) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-fsl-imx51 (Ubuntu) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-mvl-dove (Ubuntu) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-lts-backport-maverick (Ubuntu) | Undecided | New | ||
1465400 | CVE-2015-1328 | linux-lts-backport-natty (Ubuntu) | Undecided | New | ||
1465400 | CVE-2015-1328 | linux-ti-omap4 (Ubuntu) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-ec2 (Ubuntu) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux (Ubuntu Wily) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-ec2 (Ubuntu Wily) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-fsl-imx51 (Ubuntu Wily) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-lts-backport-maverick (Ubuntu Wily) | Undecided | New | ||
1465400 | CVE-2015-1328 | linux-lts-backport-natty (Ubuntu Wily) | Undecided | New | ||
1465400 | CVE-2015-1328 | linux-mvl-dove (Ubuntu Wily) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-ti-omap4 (Ubuntu Wily) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux (Ubuntu Vivid) | High | Fix Released | ||
1465400 | CVE-2015-1328 | linux-ec2 (Ubuntu Vivid) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-fsl-imx51 (Ubuntu Vivid) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-lts-backport-maverick (Ubuntu Vivid) | Undecided | New | ||
1465400 | CVE-2015-1328 | linux-lts-backport-natty (Ubuntu Vivid) | Undecided | New | ||
1465400 | CVE-2015-1328 | linux-mvl-dove (Ubuntu Vivid) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-ti-omap4 (Ubuntu Vivid) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-lts-backport-maverick (Ubuntu Utopic) | Undecided | Won't Fix | ||
1465400 | CVE-2015-1328 | linux-lts-backport-natty (Ubuntu Utopic) | Undecided | Won't Fix | ||
1465400 | CVE-2015-1328 | linux (Ubuntu Trusty) | High | Fix Released | ||
1465400 | CVE-2015-1328 | linux-ec2 (Ubuntu Trusty) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-fsl-imx51 (Ubuntu Trusty) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-lts-backport-maverick (Ubuntu Trusty) | Undecided | New | ||
1465400 | CVE-2015-1328 | linux-lts-backport-natty (Ubuntu Trusty) | Undecided | New | ||
1465400 | CVE-2015-1328 | linux-mvl-dove (Ubuntu Trusty) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-ti-omap4 (Ubuntu Trusty) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux (Ubuntu Precise) | High | Fix Released | ||
1465400 | CVE-2015-1328 | linux-ec2 (Ubuntu Precise) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-fsl-imx51 (Ubuntu Precise) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-lts-backport-maverick (Ubuntu Precise) | Undecided | Won't Fix | ||
1465400 | CVE-2015-1328 | linux-lts-backport-natty (Ubuntu Precise) | Undecided | Won't Fix | ||
1465400 | CVE-2015-1328 | linux-mvl-dove (Ubuntu Precise) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-ti-omap4 (Ubuntu Precise) | High | Fix Released | ||
1465400 | CVE-2015-1328 | linux-lts-trusty (Ubuntu) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-lts-trusty (Ubuntu Precise) | High | Fix Released | ||
1465400 | CVE-2015-1328 | linux-lts-trusty (Ubuntu Trusty) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-lts-trusty (Ubuntu Vivid) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-lts-trusty (Ubuntu Wily) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-armadaxp (Ubuntu) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-armadaxp (Ubuntu Precise) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-armadaxp (Ubuntu Trusty) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-armadaxp (Ubuntu Vivid) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-armadaxp (Ubuntu Wily) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-goldfish (Ubuntu) | High | New | ||
1465400 | CVE-2015-1328 | linux-goldfish (Ubuntu Precise) | High | Invalid | ||
1465400 | CVE-2015-1328 | linux-goldfish (Ubuntu Trusty) | High | Invalid |
Bug #1469240: Please ship dm-service-time in multipath-modules
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1469240 | Please ship dm-service-time in multipath-modules | linux (Ubuntu) | High | Fix Released |
Bug #1469829: ppc64el should use 'deadline' as default io scheduler
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1469829 | ppc64el should use 'deadline' as default io scheduler | linux (Ubuntu) | Medium | Fix Released | ||
1469829 | ppc64el should use 'deadline' as default io scheduler | linux (Ubuntu Vivid) | Medium | Fix Released | ||
1469829 | ppc64el should use 'deadline' as default io scheduler | linux (Ubuntu Trusty) | Medium | Fix Released | ||
1469829 | ppc64el should use 'deadline' as default io scheduler | linux (Ubuntu Utopic) | Medium | Won't Fix | ||
1469829 | ppc64el should use 'deadline' as default io scheduler | linux-lts-utopic (Ubuntu Trusty) | Medium | Fix Released | ||
1469829 | ppc64el should use 'deadline' as default io scheduler | The Ubuntu-power-systems project | Medium | Fix Released |
Bug #1473319: CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT should be disabled
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1473319 | CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT should be disabled | linux (Ubuntu) | Medium | Fix Released |
Bug #1473447: linux: VM86 should be disabled
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1473447 | linux: VM86 should be disabled | linux (Ubuntu) | Medium | Fix Released |
Bug #1473560: microphone regression on 4.1
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1473560 | microphone regression on 4.1 | linux (Ubuntu) | Medium | Fix Released | ||
1473560 | microphone regression on 4.1 | Linux | Unknown | Unknown |
Bug #1474810: linux-initramfs-tool dependancy is not plural
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1474810 | linux-initramfs-tool dependancy is not plural | linux (Ubuntu) | Low | Fix Released | ||
1474810 | linux-initramfs-tool dependancy is not plural | linux (Ubuntu Wily) | Low | Fix Released | ||
1474810 | linux-initramfs-tool dependancy is not plural | linux (Ubuntu Vivid) | Low | Invalid |
Bug #1476333: linux: 4.1.0-1.1 -proposed tracker
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1476333 | linux: 4.1.0-1.1 -proposed tracker | linux (Ubuntu) | Medium | Fix Released | ||
1476333 | linux: 4.1.0-1.1 -proposed tracker | linux (Ubuntu Wily) | Medium | Fix Released | ||
1476333 | linux: 4.1.0-1.1 -proposed tracker | Kernel Development Workflow | Medium | Fix Released | ||
1476333 | linux: 4.1.0-1.1 -proposed tracker | Kernel Development Workflow automated-testing | Medium | Won't Fix | ||
1476333 | linux: 4.1.0-1.1 -proposed tracker | Kernel Development Workflow prepare-package | Medium | Fix Released | ||
1476333 | linux: 4.1.0-1.1 -proposed tracker | Kernel Development Workflow prepare-package-meta | Medium | Fix Released | ||
1476333 | linux: 4.1.0-1.1 -proposed tracker | Kernel Development Workflow prepare-package-signed | Medium | Fix Released | ||
1476333 | linux: 4.1.0-1.1 -proposed tracker | Kernel Development Workflow promote-to-proposed | Medium | Fix Released | ||
1476333 | linux: 4.1.0-1.1 -proposed tracker | Kernel Development Workflow promote-to-release | Medium | Fix Released |
Bug #1793458: Overlayfs in user namespace leaks directory content of inaccessible directories
Summary | In | Importance | Status | |||
---|---|---|---|---|---|---|
1793458 | Overlayfs in user namespace leaks directory content of inaccessible directories | linux (Ubuntu) | Medium | Fix Released | ||
1793458 | Overlayfs in user namespace leaks directory content of inaccessible directories | linux (Ubuntu Bionic) | Medium | Fix Released | ||
1793458 | Overlayfs in user namespace leaks directory content of inaccessible directories | linux (Ubuntu Disco) | Medium | Fix Released | ||
1793458 | Overlayfs in user namespace leaks directory content of inaccessible directories | linux (Ubuntu Cosmic) | Medium | Fix Released |
See the
CVE page on Mitre.org
for more details.