CVE-2025-6020 log
Source |
|
Severity | High |
Remote | No |
Type | Arbitrary filesystem access |
Description | The module pam_namespace in linux-pam <= 1.7.0 may access user-controlled paths without proper protections, which allows a local user to elevate their privileges to root via multiple symlink attacks and race conditions. Systems are vulnerable if they use pam_namespace to polyinstantiate a directory for which the path to the polyinstantiated directory is under user-control or the path to the instance directory is under user-control. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2901 | pam | 1.7.0-2 | High | Vulnerable |
References |
---|
https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx https://github.com/linux-pam/linux-pam/releases/tag/v1.7.1 |