High severity7.8NVD Advisory· Published Jun 7, 2016· Updated May 6, 2026

CVE-2015-5228

Description

The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a directory path.

Affected products

Criu/Checkpoint\/restore In Userspace
cpe:2.3:a:criu:checkpoint\/restore_in_userspace:-:*:*:*:*:*:*:*
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.openvz.org/pipermail/criu/2015-August/021847.htmlnvdVendor Advisory
lists.opensuse.org/opensuse-updates/2015-09/msg00030.htmlnvd
www.openwall.com/lists/oss-security/2015/08/25/5nvd
bugzilla.redhat.com/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000