PT-2016-3673 · Criu Team · Criu

Florian Weimer

Published

2016-06-07

Updated

2024-06-15

CVE-2015-5228

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CRIU (affected versions not specified)

Description The issue concerns the service daemon in CRIU, which creates log and dump files insecurely. This insecurity allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2015-5228

OPENSUSE-SU-2024:10278-1

Affected Products

Criu

PT-2016-3673 · Criu Team · Criu

CVE-2015-5228

Weakness Enumeration

Related Identifiers

Affected Products

References · 14