CVE-2024-22365
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-22365
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-22365.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-22365
- Downstream
- Related
- Published
- 2024-02-06T08:15:52Z
- Modified
- 2025-11-05T10:55:37.961893Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protectdir) lacks ODIRECTORY.
- References
-
- http://www.openwall.com/lists/oss-security/2024/01/18/3
- https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0
- https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb
- https://github.com/linux-pam/linux-pam
- https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html
Affected packages
Git / github.com/linux-pam/linux-pam
Affected ranges
- Type
- GIT
- Repo
- https://github.com/linux-pam/linux-pam
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
Other
Linux-PAM-0-73
Linux-PAM-0-74
Linux-PAM-0-75
Linux-PAM-0-76
Linux-PAM-0-77
Linux-PAM-0-78
Linux-PAM-0-78-Beta1
Linux-PAM-0-79
Linux-PAM-0-80
Linux-PAM-0_99_10_0
Linux-PAM-0_99_1_0
Linux-PAM-0_99_2_0
Linux-PAM-0_99_2_1
Linux-PAM-0_99_3_0
Linux-PAM-0_99_4_0
Linux-PAM-0_99_5_0
Linux-PAM-0_99_6_0
Linux-PAM-0_99_6_1
Linux-PAM-0_99_6_2
Linux-PAM-0_99_6_3
Linux-PAM-0_99_7_0
Linux-PAM-0_99_7_1
Linux-PAM-0_99_8_0
Linux-PAM-0_99_8_1
Linux-PAM-0_99_9_0
Linux-PAM-1_0_0
Linux-PAM-1_0_90
Linux-PAM-1_0_91
Linux-PAM-1_0_92
Linux-PAM-1_1-branch
Linux-PAM-1_1_0
Linux-PAM-1_1_1
Linux-PAM-1_1_2
Linux-PAM-1_1_3
Linux-PAM-1_1_4
Linux-PAM-1_1_5
Linux-PAM-1_1_7
Linux-PAM-1_1_8
Linux-PAM-1_2_0
Linux-PAM-1_2_1
before_automake
help
pam_unix_refactor
Linux-PAM-1.*
Linux-PAM-1.3.0
v1.*
v1.1.4
v1.1.6
v1.3.1
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"source": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb",
"deprecated": false,
"id": "CVE-2024-22365-0d9b4766",
"signature_type": "Function",
"digest": {
"function_hash": "317394862203144709989130386479640475235",
"length": 1531.0
},
"target": {
"function": "protect_dir",
"file": "modules/pam_namespace/pam_namespace.c"
}
},
{
"signature_version": "v1",
"source": "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb",
"deprecated": false,
"id": "CVE-2024-22365-dc62bac2",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"315361314758271223131504809646670524424",
"274342128254364186845669624273126964804",
"243165300304827059543872687303100674872",
"14439829096304519645882936487136401689",
"338274363870015476195383967866140546131",
"116745845055591218600489517576033008348",
"180024089003612423939499687877557896201",
"221575547298412562554878386368683602590",
"40555050957129843894117549475199081623",
"153236430021528792440942208146795373822",
"2350868536207391044530206346117282129",
"315357110128630639407130175964933912227",
"93453105574852989025632254695904492653",
"251342175285314308319356243353633091552",
"192104678774776308035458189836391865851",
"186538112097541752208687172540304380044",
"67413296613178931678196517808204930857",
"257929399843640289293013953594365360605",
"8458228318959229779658951446056012742",
"88264999696557550687639361897120138533",
"288307341601122833603652759859671734352",
"294647349671456566599252592752094750223"
]
},
"target": {
"file": "modules/pam_namespace/pam_namespace.c"
}
}
]