Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-22365

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

Published

2024-02-06T08:15:52.203

Last Modified

2025-06-05T17:15:27.617

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-664

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	linux-pam	linux-pam	< 1.6.0	Yes

References

http://www.openwall.com/lists/oss-security/2024/01/18/3 Exploit, Mailing List, Patch, Release Notes ([email protected])
https://github.com/linux-pam/linux-pam Product ([email protected])
https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb Patch ([email protected])
https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0 Release Notes ([email protected])
http://www.openwall.com/lists/oss-security/2024/01/18/3 Exploit, Mailing List, Patch, Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/linux-pam/linux-pam Product (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0 Release Notes (af854a3a-2127-422b-91ae-364da2661108)