CVE-2015-5231

EUVD-2015-5227
The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
criucheckpoint\/restore_in_userspace
-
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
criu
bookworm
3.17.1-2
fixed
sid
3.19-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
criu
artful
ignored
bionic
not-affected
cosmic
not-affected
precise
dne
trusty
dne
vivid
ignored
wily
ignored
xenial
not-affected
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-updates/2015-09/msg00030.html
http://www.openwall.com/lists/oss-security/2015/08/25/5
https://bugzilla.redhat.com/show_bug.cgi?id=1256728
https://lists.openvz.org/pipermail/criu/2015-August/021847.html
http://lists.opensuse.org/opensuse-updates/2015-09/msg00030.html
http://www.openwall.com/lists/oss-security/2015/08/25/5
https://bugzilla.redhat.com/show_bug.cgi?id=1256728
https://lists.openvz.org/pipermail/criu/2015-August/021847.html