Advisory ROSA-SA-2026-3179

Software: pam 1.3.1 OS: ROSA Virtualization 3.0 unaffected versions = pam-1.3.1-39.0.2.rv30 affected versions pam-1.3.1-39.0.2.rv30 CVE-ID: CVE-2025-6020 BDU-ID: 2025-07273 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the pamnamespace module of the Linux-PAM authentication module is caused by a...

linux-pam: Linux-pam directory Traversal

A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions...

Amazon Linux 2 : pam, --advisory ALAS2-2025-3057 (ALAS-2025-3057)

The version of pam installed on the remote host is prior to 1.1.8-23. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3057 advisory. A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit...

linux-pam: Incomplete fix for CVE-2025-6020

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

linux-pam: Linux-pam directory Traversal

A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions...

Oracle Linux 8 : pam (ELSA-2025-14557)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-14557 advisory. 1.3.1-38.0.1 - pamlimits: fix use after free in pamsmopensession Orabug: 36272695 1.3.1-38 - pamnamespace: fix potential privilege escalation. Resolves:...

CVE-2025-8941

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

CVE-2025-8941

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

CVE-2025-8941 Linux-pam: incomplete fix for cve-2025-6020

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020...

CVE-2025-8941

A flaw was found in linux-pam. The pamnamespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020. Mitigation Disable the pamnamespace...

PT-2025-33007

Name of the Vulnerable Software and Affected Versions linux-pam affected versions not specified Description The Pluggable Authentication Modules PAM framework contains a flaw in the pam namespace module. This module improperly handles user-controlled paths, potentially allowing local users to...

The vulnerability of the cleanup_net() function in the include/net/net_namespace.c module of the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the cleanupnet function in the include/net/netnamespace.c module of the Linux kernel is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the...

The vulnerability of the net_alloc_generic() function in the Linux operating system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the netallocgeneric function in the net/core/netnamespace.c module of the Linux kernel relates to access to memory beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protect...

OESA-2024-1129 pam security update

PAM Pluggable Authentication Modules is a system of libraries that handle the authentication tasks of applications services on the system. Security Fixes: A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with /tmp mounted as a...

The vulnerability of the protect_dir function (pam_namespace.so) in the Linux-PAM authentication module allows a attacker to cause a service failure.

The vulnerability of the protectdir function in the Linux-PAM authentication module pamnamespace.so is related to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor to cause service failures...

Linux-pam Security Vulnerabilities

Linux-pam is a plug-and-play supported system authentication software for Linux from the Linux team. A security vulnerability exists in Linux-pam, which stems from a denial of service DOS vulnerability in the pamnamespace module...

SUSE CVE-2010-3853

pamnamespace.c in the pamnamespace module in Linux-PAM aka pam before 1.1.3 uses the environment of the invoking application or service during execution of the namespace.init script, which might allow local users to gain privileges by running a setuid program that relies on the pamnamespace PAM...