CVE-2015-5231

MEDIUM

CRIU - Info Disclosure

Title source: llm

Description

The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.

References (4)

[Mailing List] http://lists.opensuse.org/opensuse-updates/2015-09/msg00030.html

[Vendor Advisory] https://lists.openvz.org/pipermail/criu/2015-August/021847.html

[Mailing List] http://www.openwall.com/lists/oss-security/2015/08/25/5

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=1256728

Scores

CVSS v3 5.5

EPSS 0.0006

EPSS Percentile 18.6%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status draft

Affected Products (2)

criu/checkpoint\/restore_in_userspace

opensuse/opensuse

Timeline

Published Jun 07, 2016

Tracked Since Feb 18, 2026