CVE-2015-5228
Publication date 7 June 2016
Last updated 25 August 2025
Ubuntu priority
Cvss 3 Severity Score
Description
The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| criu | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
Severity score breakdown
CVSS version: CVSS v3.0
Base score
7.8 · High
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H