CVE-2024-22365

Updated: 2026-02-27 02:18:44.659347

Description:

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x MEDIUM 5.5

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
AlmaLinux 9.2 ESU pam 1.5.1 5.5 MEDIUM Released CLSA-2024:1718202007 2024-06-12 11:27:23
CentOS 6 ELS pam 1.1.1 5.5 MEDIUM Ignored 2024-02-14 08:26:35 Ignored due to low severity
CentOS 7 ELS pam 1.1.8 5.5 MEDIUM Released CLSA-2025:1749571728 2025-06-30 02:12:14
CentOS 8.4 ELS pam 1.3.1 5.5 MEDIUM Released CLSA-2024:1719569368 2024-06-28 10:18:55
CentOS 8.5 ELS pam 1.3.1 5.5 MEDIUM Released CLSA-2024:1718796961 2024-06-19 10:15:30
CentOS Stream 8 ELS pam 1.3.1 5.5 MEDIUM Ignored 2024-05-10 10:14:43 Ignored due to low severity
CloudLinux 6 ELS pam 1.1.1 5.5 MEDIUM Ignored 2024-02-14 08:26:35 Ignored due to low severity
CloudLinux 7 ELS pam 1.1.8 5.5 MEDIUM Released CLSA-2025:1749825017 2025-06-30 02:12:11
Oracle Linux 6 ELS pam 1.1.1 5.5 MEDIUM Ignored 2024-02-14 08:26:34 Ignored due to low severity
Oracle Linux 7 ELS pam 1.1.8 5.5 MEDIUM Released CLSA-2025:1749571114 2025-06-11 01:01:11
Total: 13