ubuntu · CVE-2015-1328

Quick triage

Priority: high Published: 2015-06-15 00:00:00 UTC Updated: 2025-08-25 21:34:34 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2015-1328 high priority: Ubuntu including 30 source packages (linux, linux-armadaxp, …), 223 status rows across 8 suites (precise, trusty, upstream, utopic, vivid, wily, xenial, yakkety): DNE 147, not-affected 64, ignored 6, released 6.

Description:

The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.

cvelogic Threat Intelligence