INFSA-2025:15099: pam security update
Information about definition
Identificator: INFSA-2025:15099
Type: security
Release date: 2025-09-11 14:39:13 UTC
Information about package
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
Vulnerabilities description
- CVE-2025-6020
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
- CVE-2025-8941
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root.
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-6020
|
no information | 7.8 | no information |
|
NIST — CVE-2025-8941
|
no information | 7.8 | no information |
Updated packages
Preparing to download...