CVE-2024-22365

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Feb 6, 2024
Updated: Feb 14, 2024

Summary

CVE-2024-22365 is a vulnerability in linux-pam (Linux PAM) before version 1.6.0 that allows a denial of service: a login process can be made to block through the use of mkfifo. The vulnerability occurs because the openat call for protect_dir lacks O_DIRECTORY. It affects multiple products. The potential danger to an organization is significant, because a blocked login process causes disruption and prevents users from accessing their accounts. To remediate this vulnerability, organizations should update linux-pam to version 1.6.0 or newer.
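
Added example (not code from linux-pam or from this page): a small C program that shows what O_DIRECTORY changes when a path component turns out to be a FIFO. The helper names, the scratch directory under /tmp and the exact flag set are assumptions; O_NONBLOCK is included only so the demo returns, where a plain read-only open of a FIFO would wait for a writer.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open one path component relative to dirfd (hypothetical helper).
 * want_dir = 0: flags without O_DIRECTORY; want_dir = 1: with it.
 * O_NONBLOCK is a demo-only assumption so the call cannot hang.
 * Returns 0 when the open succeeds, otherwise the errno value. */
static int open_component(int dirfd, const char *name, int want_dir)
{
    int flags = O_RDONLY | O_NOFOLLOW | O_CLOEXEC | O_NONBLOCK;
    if (want_dir)
        flags |= O_DIRECTORY;
    int fd = openat(dirfd, name, flags);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* Create a constructed scratch directory holding either a FIFO or a real
 * directory named "entry", try to open it, then clean up.
 * Returns open_component()'s result, or -1 if the setup failed. */
static int probe(int make_fifo, int want_dir)
{
    char tmpl[] = "/tmp/pamdemo.XXXXXX";   /* constructed path */
    if (!mkdtemp(tmpl))
        return -1;
    int dfd = open(tmpl, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    int rc = make_fifo ? mkfifoat(dfd, "entry", 0600)
                       : mkdirat(dfd, "entry", 0700);
    int res = (rc == 0) ? open_component(dfd, "entry", want_dir) : -1;
    unlinkat(dfd, "entry", make_fifo ? 0 : AT_REMOVEDIR);
    close(dfd);
    rmdir(tmpl);
    return res;
}

int main(void)
{
    printf("FIFO, no O_DIRECTORY: %d\n", probe(1, 0));
    printf("FIFO, O_DIRECTORY:    %d (ENOTDIR=%d)\n", probe(1, 1), ENOTDIR);
    printf("dir,  O_DIRECTORY:    %d\n", probe(0, 1));
    return 0;
}
```

With O_DIRECTORY the kernel rejects the FIFO with ENOTDIR before any blocking can occur, while a genuine directory still opens normally.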
