CVE-2024-10041
CVE-2024-10041 is a medium-severity vulnerability rated 4.7/10 on the CVSS scale. A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
A vulnerability was found in PAM. Secret information is held in memory, and an attacker can trigger the victim program to execute by sending characters to its standard input (stdin). While this happens, the attacker can train the branch predictor so that a ROP chain is executed speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow, while authentication is being performed.
Metrics
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linux-Pam | Linux-Pam | All versions |
References
- https://access.redhat.com/security/cve/CVE-2024-10041 (Mitigation, Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=2319212 (Issue Tracking, Third Party Advisory)
Source: NVD / NIST
