CVE-2024-10041

Source
https://cve.org/CVERecord?id=CVE-2024-10041
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10041.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-10041
Published
2024-10-23T13:46:27.963Z
Modified
2026-06-18T03:57:20.757350397Z
Severity
  • 4.7 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Pam: libpam: libpam vulnerable to read hashed password
Details

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

Database specific
{
    "cwe_ids": [
        "CWE-922"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/10xxx/CVE-2024-10041.json",
    "cna_assigner": "redhat"
}
Affected packages

Git / github.com/linux-pam/linux-pam

Affected ranges

Type
GIT
Repo
https://github.com/linux-pam/linux-pam
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.6.0"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

Other
Linux-PAM-0-73
Linux-PAM-0-74
Linux-PAM-0-75
Linux-PAM-0-76
Linux-PAM-0-77
Linux-PAM-0-78
Linux-PAM-0-78-Beta1
Linux-PAM-0-79
Linux-PAM-0-80
Linux-PAM-0_99_10_0
Linux-PAM-0_99_1_0
Linux-PAM-0_99_2_0
Linux-PAM-0_99_2_1
Linux-PAM-0_99_3_0
Linux-PAM-0_99_4_0
Linux-PAM-0_99_5_0
Linux-PAM-0_99_6_0
Linux-PAM-0_99_6_1
Linux-PAM-0_99_6_2
Linux-PAM-0_99_6_3
Linux-PAM-0_99_7_0
Linux-PAM-0_99_7_1
Linux-PAM-0_99_8_0
Linux-PAM-0_99_8_1
Linux-PAM-0_99_9_0
Linux-PAM-1_0_0
Linux-PAM-1_0_90
Linux-PAM-1_0_91
Linux-PAM-1_0_92
Linux-PAM-1_1-branch
Linux-PAM-1_1_0
Linux-PAM-1_1_1
Linux-PAM-1_1_2
Linux-PAM-1_1_3
Linux-PAM-1_1_4
Linux-PAM-1_1_5
Linux-PAM-1_1_7
Linux-PAM-1_1_8
Linux-PAM-1_2_0
Linux-PAM-1_2_1
before_automake
help
pam_unix_refactor
Linux-PAM-1.*
Linux-PAM-1.3.0
v1.*
v1.1.4
v1.1.6
v1.3.1
v1.4.0
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-10041.json"