CRIU Service Daemon Vulnerability: Unauthorized Access to Sensitive Information

CRIU Service Daemon Vulnerability: Unauthorized Access to Sensitive Information

CVE-2015-5231 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access.

Learn more about our User Device Pen Test.