CVE-2015-1338

Severity CVSS v4.0:
Pending analysis
Type:
CWE-59 Link Following
Publication date:
01/10/2015
Last modified:
12/04/2025

Description

kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apport_project:apport:*:*:*:*:*:*:*:* 2.18.1 (including)
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*