PT-2024-15991 · Pam+7

Published 2024-10-18 · Updated 2026-05-10 · CVE-2024-10041

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PAM (affected versions not specified)

Description

A vulnerability was found in PAM, where secret information is stored in memory. An attacker can trigger the victim program to execute by sending characters to its standard input (stdin), allowing them to train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insecure Storage of Sensitive Information

Related Identifiers

ALSA-2024:10379
ALSA-2024:11250
AZL-51693
AZL-51729
BDU:2025-05059
CESA-2024_10379
CLEANSTART-2026-AX77726
CVE-2024-10041
ECHO-B710-0586-640F
INFSA-2024_10379
MGASA-2025-0149
OESA-2025-1598
OESA-2025-1599
OESA-2025-1600
OESA-2025-1601
OPENSUSE-SU-2025:15477-1
OPENSUSE-SU-2025_1334-1
OPENSUSE-SU-2025_1505-1
OPENSUSE-SU-2025_1511-1
OPENSUSE-SU-2025_1512-1
OPENSUSE-SU-2025_1549-1
OPENSUSE-SU-2026:20533-1
RHSA-2024:10379
RHSA-2024:11250
RHSA-2024:9941
RHSA-2024_10379
RHSA-2024_11250
RLSA-2024:10379
SUSE-SU-2025:01511-1
SUSE-SU-2025:02970-1
SUSE-SU-2025:02970-2
SUSE-SU-2025:02971-1
SUSE-SU-2025:1158-1
SUSE-SU-2025:1334-1
SUSE-SU-2025:1505-1
SUSE-SU-2025:1511-1
SUSE-SU-2025:1512-1
SUSE-SU-2025:1517-1
SUSE-SU-2025:1549-1
SUSE-SU-2025:20750-1
SUSE-SU-2025_01511-1
SUSE-SU-2025_02970-1
SUSE-SU-2025_02970-2
SUSE-SU-2025_02971-1
SUSE-SU-2025_1158-1
SUSE-SU-2025_1334-1
SUSE-SU-2025_1505-1
SUSE-SU-2025_1511-1
SUSE-SU-2025_1512-1
SUSE-SU-2025_1517-1
SUSE-SU-2025_1549-1
SUSE-SU-2026:21112-1
SUSE-SU-2026:21192-1

Affected Products

AlmaLinux
CentOS
Debian
PAM
Red Hat
RED OS
Rocky Linux
SUSE