CVE-2025-6020 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Arbitrary filesystem access
Description	The module pam_namespace in linux-pam <= 1.7.0 may access user-controlled paths without proper protections, which allows a local user to elevate their privileges to root via multiple symlink attacks and race conditions. Systems are vulnerable if they use pam_namespace to polyinstantiate a directory for which the path to the polyinstantiated directory is under user-control or the path to the instance directory is under user-control.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2901	pam	1.7.0-2		High	Vulnerable

References
https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx https://github.com/linux-pam/linux-pam/releases/tag/v1.7.1