The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a double-chroot attack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | * | 4.2.3 (including) |