CVE-2024-10041: Pam: libpam: libpam vulnerable to read hashed password

Description

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

Classification

CVE ID: CVE-2024-10041

Affected Products

Vendor: Red Hat

Product: Red Hat Enterprise Linux 8

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 24.42% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://access.redhat.com/errata/RHSA-2024:10379
https://access.redhat.com/errata/RHSA-2024:9941
https://access.redhat.com/security/cve/CVE-2024-10041
https://bugzilla.redhat.com/show_bug.cgi?id=2319212

Timeline

2024-11-27 14:41:47 UTC
CVE

Pam: libpam: libpam vulnerable to read hashed password
2025-04-08 14:00:33 UTC
Tenable Plugins

SUSE SLES12 Security Update : pam (SUSE-SU-2025:1158-1)
2025-04-18 15:45:34 UTC
Tenable Plugins

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : pam (SUSE-SU-2025:1334-1)