CVE-2015-5228

Published: Jun 7, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.

Affected (2)

Products: Opensuse: Opensuse · Criu: Checkpoint/restore In Userspace

Opensuse

1 product

Opensuse

Criu

1 product

Checkpoint/restore In Userspace

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Criu Checkpoint/restore In Userspace	All versions

Related CWEs

CWE-264

References (8)

http://lists.opensuse.org/opensuse-updates/2015-09/msg00030.html

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2015/08/25/5

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1255782

Source: secalert@redhat.com

https://lists.openvz.org/pipermail/criu/2015-August/021847.html

Source: secalert@redhat.com

Vendor Advisory

http://lists.opensuse.org/opensuse-updates/2015-09/msg00030.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2015/08/25/5

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=1255782

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.openvz.org/pipermail/criu/2015-August/021847.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.