CVE-2015-1328
Basic Information
- CVE State: PUBLISHED
- Reserved Date: January 22, 2015
- Published Date: November 28, 2016
- Last Updated: August 06, 2024
- Vendor: n/a
- Product: n/a
- Description: The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
CVSS Scores
CVSS v3.0
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Exploit Status
- Proof of Concept Available: Yes (added 2022-02-07 10:52:51 UTC)
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2025-09-19 06:22:04 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/local/overlayfs_priv_esc.rb | 2025-04-28 15:02:13 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
devtz007/overlayfs_CVE-2015-1328
Type: github • Created: 2024-11-27 08:39:41 UTC • Stars: 0
YastrebX/CVE-2015-1328
Type: github • Created: 2024-11-12 16:25:25 UTC • Stars: 0
elit3pwner/CVE-2015-1328-GoldenEye
Type: github • Created: 2022-02-07 10:52:51 UTC • Stars: 9
notlikethis/CVE-2015-1328
Type: github • Created: 2021-06-26 22:20:07 UTC • Stars: 0
SR7-HACKING/LINUX-VULNERABILITY-CVE-2015-1328
Type: github • Created: 2020-05-12 17:02:44 UTC • Stars: 0
Timeline
- CVE ID Reserved
- CVE Published to Public
- Proof of Concept Exploit Available
- Detected by Metasploit
- Added to KEVIntel