CVE-2024-22365

Published February 6th, 2024

View on NVD ↗

CVSS v3

5.5

MEDIUM

CVSS v2

N/A

Affected

PROJECT

Description

linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

linux-pam/linux-pam

Linux PAM (Pluggable Authentication Modules for Linux) project

GitHub

777