CVE-2025-6020 log

Source
Severity High
Remote No
Type Arbitrary filesystem access
Description
The module pam_namespace in linux-pam <= 1.7.0 may access user-controlled paths without proper protections, which allows a local user to elevate their privileges to root via multiple symlink attacks and race conditions.

Systems are vulnerable if they use pam_namespace to polyinstantiate a directory for which the path to the polyinstantiated directory is under user-control or the path to the instance directory is under user-control.
Group Package Affected Fixed Severity Status Ticket
AVG-2901 pam 1.7.0-2 High Vulnerable
References
https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx
https://github.com/linux-pam/linux-pam/releases/tag/v1.7.1