CVE-2024-22365
pam: allowing unprivileged user to block another user namespace
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
linux-pam (también conocido como Linux PAM) anterior a 1.6.0 permite a los atacantes provocar una denegación de servicio (proceso de inicio de sesión bloqueado) a través de mkfifo porque la llamada openat (para protect_dir) carece de O_DIRECTORY.
A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat()` in `protect_dir()` to block the attempt, causing a local denial of service.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-01-09 CVE Reserved
- 2024-01-18 CVE Published
- 2024-02-14 EPSS Updated
- 2024-08-01 CVE Updated
- 2024-08-01 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-277: Insecure Inherited Permissions
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://github.com/linux-pam/linux-pam | Product | |
| https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0 | Release Notes |
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2024/01/18/3 | 2024-08-01 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb | 2024-02-14 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-22365 | 2024-05-22 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2257722 | 2024-05-22 |