- Description: linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
- Source: cve@mitre.org
- NVD status: Modified
- Products: linux-pam
CVSS 3.1
- Type: Primary
- Base score: 5.5
- Impact score: 3.6
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
- Severity: MEDIUM
Debian 11: PAM Important DoS and Access Risk CVE-2024-22365 DLA-4306-1 https://t.co/zuL7c9Tr1x Multiple vulnerabilities were found in PAM namespace module used to configure private namespaces for user sessions. CVE-2024-22365
@zeeshankghouri
22 Sept 2025
Critical #Debian 11 update: PAM vulnerabilities (CVE-2024-22365, CVE-2025-6020) allow DoS and root privilege escalation via symlink attacks. Read more: https://t.co/CHOpQitsi0 #Security https://t.co/c5PdM3k8wh
@Cezar_H_Linux
21 Sept 2025
[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:linux-pam:linux-pam:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8B735A60-FB87-4597-BFF4-A6ED201E71A1",
            "versionEndExcluding": "1.6.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]