- Description
- A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
- Source
- secalert@redhat.com
- NVD status
- Modified
- Products
- linux-pam
CVSS 3.1
- Type
- Secondary
- Base score
- 4.7
- Impact score
- 3.6
- Exploitability score
- 1
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
๐จ #SUSE Security Update: Patch for CVE-2024-10041 is live for SLE Server 12 SP5. Fixes a mod-severity vuln AND a CPU performance regression. Affected products & patch commands. Read more:๐ https://t.co/VM8GKj5ZEs #Security https://t.co/t0iZ31m
@Cezar_H_Linux
26 Aug 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ #SUSE Security Update Alert! ๐จ Patch CVE-2024-10041 in PAM and fix a CPU performance regression. A 2-in-1 update for: โ Security โ Performance Affects: #SUSE LES 15 SP6/SP7, #openSUSE Leap 15.6, MicroOS. Read more: ๐ https://t.co/A3DFTUw1qr #Security https://t.co/
@Cezar_H_Linux
26 Aug 2025
69 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
๐ Critical #LinuxSecurity Update! openSUSE 15.4 patches CVE-2024-10041 in AppArmorโfixes shadow file access bugs. Read more: ๐ https://t.co/A0iacnMKQ5 #SysAdmin #CyberSecurity https://
@Cezar_H_Linux
14 May 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
โ ๏ธ Critical PAM flaw in Gentoo Linux (CVE-2024-10041)! Password leakage risk โ patch immediately: emerge ">=sys-libs/pam-1.7.0_p20241230" Read more: ๐https://t.co/lPZh7A4I50 #InfoSec #LinuxAdmin #CyberThreat https://t.co/rtabDBsiwY
@Cezar_H_Linux
12 May 2025
30 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
โ ๏ธ SUSE Linux users! CVE-2024-10041 (CVSS 5.7) allows shadow file leaks if unpatched. Fix: zypper in -t patch SUSE-2025-1511=1 Details: ๐https://t.co/7qMUo6ja7P #InfoSec #Linux https://t.co/uyaBlVmuNL
@Cezar_H_Linux
9 May 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ SUSE issues critical patch for CVE-2024-10041 (CVSS 5.7)! Affects AppArmor in Leap 15.5, SLE, and HPC. Fix: zypper in -t patch SUSE-2025-1512=1 Read more: https://t.co/tntrgLG7IA ๐ #SUSE #Security https://t.co/qOwasGjcfm
@Cezar_H_Linux
9 May 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ CVE-2024-10041 (Published: 2024-10-23) affects Red Hat products. Ensure your systems are updated to the latest versions to mitigate exploitation risks. For detailed remediation steps, visit: https://t.co/S40GdxDdIG. Stay secure! ๐ #CyberSecurity #RedHat
@transilienceai
27 Oct 2024
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ CVE-2024-10041 (Published: 2024-10-23) affects Red Hat products. This vulnerability impacts specific versions, allowing potential exploitation. Ensure your systems are updated to the latest patches to mitigate risks. For detailed remediation steps, visit:โฆ https://t.co/FiHxCSO
@transilienceai
27 Oct 2024
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐จ CVE-2024-10041 (Published: 2024-10-23) affects Red Hat products. This vulnerability impacts specific versions, allowing potential exploitation. To safeguard your systems, ensure you apply the latest patches and updates. For detailed remediation steps, visit:โฆ https://t.co/5Gyt
@transilienceai
26 Oct 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10041 A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to itโฆ https://t.co/z20HAJTyXH
@CVEnew
23 Oct 2024
316 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:linux-pam:linux-pam:-:*:*:*:*:*:*:*",
"matchCriteriaId": "20ED7FC4-9FBB-4886-9FF0-BBBCBBE852D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]