What is CVE-2015-5191?

CVE-2015-5191 is a medium-severity vulnerability in Linux Linux_kernel, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). CVSS score: 6.7/10. Published 2017-07-28.

How severe is CVE-2015-5191?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Is CVE-2015-5191 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Linux Linux_kernel

CVE-2015-5191

VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/…

Vulnerability class: Race Condition

EPSS: 0.001 (20.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H.

Affected products

Linux Linux_kernel
Vmware Tools
Vmware Tools — versions VMware Tools prior to 10.0.9

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

Public proof-of-concept exploits

thdusdl1219/CVE-Study

References

security@vmware.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_BID)
security@vmware.com (x_refsource_CONFIRM, Vendor Advisory)
security@vmware.com (VDB Entry, Third Party Advisory, vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2015-5191?: CVE-2015-5191 is a medium-severity vulnerability in Linux Linux_kernel, classified under Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition). CVSS score: 6.7/10. Published 2017-07-28.
How severe is CVE-2015-5191?: Medium severity. CVSS v3 base score is 6.7 out of 10.
Is CVE-2015-5191 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.