CVE-2015-8660

EPSS 59.96% · P98 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2015-8660

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Linux kernel‘fs/overlayfs/inode.c’权限许可和访问控制问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Linux kernel是美国Linux基金会发布的开源操作系统Linux所使用的内核。NFSv4 implementation是其中的一个分布式文件系统协议。 Linux kernel 4.3.2及之前版本的fs/overlayfs/inode.c文件中的‘ovl_setattr’函数存在安全漏洞，该漏洞源于程序试图合并不同的setattr操作。本地攻击者可借助特制的应用程序利用该漏洞绕过既定的访问限制，修改任意overlay文件的属性。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2015-8660

#	POC Description	Source Link	Shenlong Link
1	这个代码包含了CVE-2015-8660漏洞的利用代码，还有注释，出现问题的源代码，打了补丁后的代码	https://github.com/whu-enjoy/CVE-2015-8660	POC Details
2	None	https://github.com/nhamle2/CVE-2015-8660	POC Details
3	None	https://github.com/carradolly/CVE-2015-8660	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2015-8660

Please Login to view more intelligence information

https://github.com/torvalds/linux/commit/acff81ec2c79492b180fade3c2894425cd35a545x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.htmlx_refsource_CONFIRM
http://packetstormsecurity.com/files/135151/Ubuntu-14.04-LTS-15.10-overlayfs-Local-Root.htmlx_refsource_MISC
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.htmlx_refsource_CONFIRM
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1291329x_refsource_CONFIRM
https://www.exploit-db.com/exploits/40688/exploitx_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/79671vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/39230/exploitx_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/39166/exploitx_refsource_EXPLOIT-DB
http://www.securitytracker.com/id/1034548vdb-entryx_refsource_SECTRACK
http://www.ubuntu.com/usn/USN-2858-2vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2858-1vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2857-2vendor-advisoryx_refsource_UBUNTU
http://www.ubuntu.com/usn/USN-2858-3vendor-advisoryx_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2016-1532.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-1539.htmlvendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2016-1541.htmlvendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00043.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00039.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00040.htmlvendor-advisoryx_refsource_SUSE
http://www.openwall.com/lists/oss-security/2015/12/23/5mailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2015-8660

Same Patch Batch · n/a · 2015-12-28 · 30 CVEs total

CVE-2015-8647		多款Adobe产品释放后重用漏洞
CVE-2015-8569		Linux kernel 本地信息泄露漏洞
CVE-2015-8543		Linux kernel networking 拒绝服务漏洞
CVE-2015-8374		Linux kernel‘btrfs/inode.c’信息泄露漏洞
CVE-2015-7990		Linux kernel 竞争条件漏洞
CVE-2015-7885		Linux kernel 本地信息泄露漏洞
CVE-2015-7884		Linux kernel 本地信息泄露漏洞
CVE-2015-7509		Linux kernel 输入验证错误漏洞
CVE-2013-7446		Linux kernel 释放后重用漏洞
CVE-2015-6852		EMC Secure Remote Services Virtual Edition 目录遍历漏洞
CVE-2015-6850		EMC VPLEX GeoSynchrony 权限许可和访问控制漏洞
CVE-2015-8651		多款Adobe产品数字错误漏洞
CVE-2015-8650		多款Adobe产品释放后重用漏洞
CVE-2015-8649		多款Adobe产品释放后重用漏洞
CVE-2015-8648		多款Adobe产品释放后重用漏洞
CVE-2015-8459		多款Adobe产品缓冲区溢出漏洞
CVE-2015-8646		多款Adobe产品释放后重用漏洞
CVE-2015-8645		多款Adobe产品缓冲区溢出漏洞
CVE-2015-8644		多款Adobe产品安全漏洞
CVE-2015-8643		多款Adobe产品释放后重用漏洞

Showing top 20 of 30 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2015-8660

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2015-8660

I. Basic Information for CVE-2015-8660

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2015-8660

III. Intelligence Information for CVE-2015-8660

Same Patch Batch · n/a · 2015-12-28 · 30 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2015-8660

Leave a comment