ALAS2023-2024-502 --- pamID: oval:org.secpod.oval:def:19500592 | Date: (C)2024-02-13 (M)2024-02-26 |
Class: PATCH | Family: unix |
A vulnerability was found in Linux PAM. An unprivileged user that is not yet in a corresponding mount namespace with ~/tmp mounted as a polyinstantiated dir can place a FIFO there, and a subsequent attempt to login as this user with `pam_namespace` configured will cause the `openat` in `protect_dir` to block the attempt, causing a local denial of service
Platform: |
Amazon Linux 2023 |