Updated: 2026-02-27 02:18:44.659347
Description:
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0.0 | |
| CVSS Version 3.x | MEDIUM | 5.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| RHEL 7 ELS | pam | 1.1.8 | 5.5 | MEDIUM | Released | CLSA-2025:1749570465 | 2025-06-11 00:56:03 | |
| Ubuntu 16.04 ELS | pam | 1.1.8-3.2 | 5.5 | MEDIUM | Released | CLSA-2024:1712671933 | 2024-04-09 11:14:03 | |
| Ubuntu 18.04 ELS | pam | 1.1.8-3.6 | 5.5 | MEDIUM | Released | CLSA-2024:1713333823 | 2024-04-17 05:09:52 |