linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.

Related CVEs

CVE-2024-22365

Key Information

GHSA ID

GHSA-pcmw-6hxc-hqmx

Published

February 6, 2024 9:31 AM

Last Modified

February 14, 2024 12:35 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 1, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.