Red Hat Bugzilla – Bug 1255782
CVE-2015-5228 criu: arbitrary file creation and chown
Last modified: 2015-08-25 08:10:01 EDT
It was discovered that local users could use the criu daemon to create
arbitrary files and take ownership of existing files, due to the
creation of log and dump files in a user-supplied directory path.
This allows unprivileged local users to gain root privileges.
This issue was discovered by Florian Weimer of Red Hat Product Security.
Created criu tracking bugs for this issue:
Affects: fedora-all [bug 1256747]