PT-2024-1375 · Linux Pam+10 · Linux-Pam+10

Matthias Gerstner · Published 2024-01-09 · Updated 2026-03-29 · CVE-2024-22365

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

linux-pam versions prior to 1.6.0

Description

The issue is related to the `protect_dir` function in the `pam_namespace` module of Linux-PAM, which is associated with incorrect resource cleanup or release. This can allow a remote attacker to cause a denial of service, resulting in a blocked login process. The problem arises because the `openat` call for `protect_dir` lacks the `O_DIRECTORY` flag, making it possible for attackers to exploit this via `mkfifo`.

Recommendations

For versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `pam_namespace` module until a patch is available. Avoid using the `protect_dir` function in the `pam_namespace` module until the issue is resolved.
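
The flag difference named in the Description, shown as an added C example (not linux-pam's code): with `O_DIRECTORY` the kernel rejects a FIFO with `ENOTDIR` before the call can block, while the same `openat` without it accepts the FIFO. The function names, the scratch path under `/tmp`, and the extra `O_NOFOLLOW`, `O_CLOEXEC` and `O_NONBLOCK` flags are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened: O_DIRECTORY makes the kernel refuse a non-directory (a FIFO
 * gives ENOTDIR) before the call can block. Returns fd >= 0 or -errno. */
int open_dir_component(int dirfd, const char *name)
{
    int fd = openat(dirfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    return fd >= 0 ? fd : -errno;
}

/* Without O_DIRECTORY a FIFO is accepted. O_NONBLOCK is set only so this
 * demo returns; a blocking open would wait for a writer instead. */
int open_component_unchecked(int dirfd, const char *name)
{
    int fd = openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC | O_NONBLOCK);
    return fd >= 0 ? fd : -errno;
}

/* Constructed fixture: scratch dir with a directory "d" and a FIFO "f".
 * Bits: 1 = dir accepted, 2 = hardened open rejects FIFO with ENOTDIR,
 * 4 = unchecked open accepts FIFO. Returns -1 on setup error. */
int run_demo(void)
{
    char tmpl[] = "/tmp/o-directory-demo-XXXXXX";
    int base, fd, bits = 0;

    if (!mkdtemp(tmpl) || (base = open(tmpl, O_RDONLY | O_DIRECTORY | O_CLOEXEC)) < 0)
        return -1;
    if (mkdirat(base, "d", 0700) == 0 && mkfifoat(base, "f", 0600) == 0) {
        if ((fd = open_dir_component(base, "d")) >= 0) { bits |= 1; close(fd); }
        if (open_dir_component(base, "f") == -ENOTDIR) bits |= 2;
        if ((fd = open_component_unchecked(base, "f")) >= 0) { bits |= 4; close(fd); }
    } else {
        bits = -1;
    }
    unlinkat(base, "f", 0);
    unlinkat(base, "d", AT_REMOVEDIR);
    close(base);
    rmdir(tmpl);
    return bits;
}

int main(void) { printf("result bits: %d\n", run_demo()); return 0; }
```
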

Exploit

Fix

DoS

Improper Resource Release

Weakness Enumeration

Related Identifiers

ALSA-2024:2438
ALSA-2024:3163
ALT-PU-2024-12808
ALT-PU-2024-8886
AZL-34156
AZL-35100
BDU:2024-00829
CESA-2024_3163
CVE-2024-22365
DLA-4306-1
ECHO-D2CB-5160-7EB5
INFSA-2024_2438
INFSA-2024_3163
MGASA-2024-0030
OESA-2024-1096
OESA-2024-1129
OESA-2024-1130
OPENSUSE-SU-2024:13616-1
OPENSUSE-SU-2024_0136-1
RHSA-2024:2438
RHSA-2024:3163
RHSA-2024_2438
RHSA-2024_3163
RLSA-2024:3163
ROSA-SA-2025-2608
SUSE-SU-2024:0136-1
SUSE-SU-2024:0136-2
SUSE-SU-2024:0137-1
SUSE-SU-2024_0136-1
SUSE-SU-2024_0137-1
USN-6588-1
USN-6588-2

Affected Products

ALT Linux
AlmaLinux
CentOS
Debian
Linux Mint
Linux-PAM
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu