PT-2025-25774 · Linux+1 · Linux+1

Alexander Bergmann · Published 2025-06-17 · Updated 2026-05-16 · CVE-2025-6018

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux PAM pam-config (affected versions not specified)

Description

A Local Privilege Escalation (LPE) flaw exists in pam-config within Linux Pluggable Authentication Modules (PAM). It allows an unprivileged local attacker, such as one connected via SSH, to acquire the elevated privileges normally reserved for a physically present user with "allow_active" status. The attacker may then perform Polkit actions marked "allow_active yes", which are generally restricted to console users, potentially leading to unauthorized control over system configurations, services, or other sensitive operations. Additionally, the Udisks component of the Linux-PAM authentication module may be affected by configuration errors that could allow an attacker to gain root privileges via SSH.

Recommendations

Update pam-config so that it stops adding pam_env to the AUTH stack, and ensure this module is placed at the end of the SESSION stack. Update pam to change the default behavior of pam_env so that it does not read the user's .pam_environment file. Update pam to ensure the pam_namespace functions operate on file descriptors instead of absolute paths when dealing with user-controlled paths.
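The first two recommendations can be checked against a host's PAM configuration. The following is an added example, not code from the advisory or from the pam or pam-config projects: it parses PAM rule lines and reports pam_env in the auth stack, pam_env not placed last in the session stack, and an explicit `user_readenv=1`. The function names and sample stacks are constructed for illustration; it assumes the caller passes the concatenated rule files of one service and does not follow `include` lines, and when `user_readenv` is absent the installed pam's default applies.

```python
# Added example; WEAK and FIXED are constructed samples, not from a real system.
WEAK = """\
auth     required  pam_env.so
auth     required  pam_unix.so try_first_pass
session  optional  pam_env.so user_readenv=1
session  optional  pam_systemd.so
session  required  pam_unix.so
"""
FIXED = """\
auth     required  pam_unix.so try_first_pass
session  optional  pam_systemd.so
session  required  pam_unix.so
session  optional  pam_env.so user_readenv=0
"""

def parse_rules(text):
    """Return [(type, module, args)] for each rule line of a pam.d-style file."""
    rules = []
    for raw in text.replace("\\\n", " ").splitlines():  # join continuations
        fields = raw.split("#", 1)[0].split()           # drop comments
        if len(fields) < 3:
            continue                                    # blank or not a rule
        ptype, rest = fields[0].lstrip("-").lower(), fields[1:]
        if rest[0].startswith("["):                     # [value=action ...] control
            while rest and not rest[0].endswith("]"):
                rest = rest[1:]
        if len(rest) < 2:
            continue                                    # no module field
        rules.append((ptype, rest[1].rsplit("/", 1)[-1], rest[2:]))
    return rules

def audit(text):
    """Return findings on pam_env placement and user_readenv for one service."""
    rules, findings = parse_rules(text), []
    for ptype, module, args in rules:
        if module != "pam_env.so":
            continue
        if ptype == "auth":
            findings.append("pam_env is in the auth stack")
        if "user_readenv=1" in args:
            findings.append(f"pam_env reads the user's .pam_environment ({ptype})")
    session = [m for t, m, _ in rules if t == "session"]
    if "pam_env.so" in session and session[-1] != "pam_env.so":
        findings.append("pam_env is not last in the session stack")
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit(text) or "no findings")
```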

Exploit

Fix

DoS

LPE

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2025-07575
CVE-2025-6018
OPENSUSE-SU-2025:15219-1
OPENSUSE-SU-2025:15257-1
SUSE-RU-2025:20479-1
SUSE-SU-2025:02001-1
SUSE-SU-2025:02002-1
SUSE-SU-2025:02003-1
SUSE-SU-2025:02004-1
SUSE-SU-2025:02005-1
SUSE-SU-2025:02013-1
SUSE-SU-2025:02015-1
SUSE-SU-2025:02026-1
SUSE-SU-2025:02031-1
SUSE-SU-2025:02032-1
SUSE-SU-2025:02080-1
SUSE-SU-2025:02081-1
SUSE-SU-2025:02082-1
SUSE-SU-2025:20496-1
SUSE-SU-2025:20513-1
SUSE-SU-2025:20533-1
SUSE-SU-2025_02001-1
SUSE-SU-2025_02002-1
SUSE-SU-2025_02003-1
SUSE-SU-2025_02004-1
SUSE-SU-2025_02005-1
SUSE-SU-2025_02013-1
SUSE-SU-2025_02015-1
SUSE-SU-2025_02026-1
SUSE-SU-2025_02031-1
SUSE-SU-2025_02032-1
SUSE-SU-2025_02080-1
SUSE-SU-2025_02081-1
SUSE-SU-2025_02082-1

Affected Products

Linux
Suse