Unrated severityNVD Advisory· Published Oct 1, 2015· Updated May 6, 2026

CVE-2015-1338

Description

kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.

Affected products

Apport Project/Apport
cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:*
Range: <=2.18.1
Canonical/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

launchpad.net/apport/trunk/2.19nvdPatch
packetstormsecurity.com/files/133723/Ubuntu-Apport-kernel_crashdump-Symlink.htmlnvdExploit
www.halfdog.net/Security/2015/ApportKernelCrashdumpFileAccessVulnerabilities/nvdExploit
www.exploit-db.com/exploits/38353/nvdExploit
seclists.org/fulldisclosure/2015/Sep/101nvd
www.ubuntu.com/usn/USN-2744-1nvd
bugs.launchpad.net/ubuntu/+source/apport/+bug/1492570nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000