CVE-2025-24031
Description
PAM-PKCS#11 is a Linux-PAM login module that allows an X.509 certificate-based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, pam_get_pwd will never initialize the password buffer pointer and as such cleanse will try to dereference an uninitialized pointer. On my system this pointer happens to have the value 3 most of the time when running sudo and as such it will segfault. The most likely impact to a system affected by this issue is an availability impact due to a daemon that uses PAM crashing. As of time of publication, a patch for the issue is unavailable.
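The failure mode described above, as an added example (this is not pam_pkcs11's source; `demo_get_pin`, `demo_cleanse` and `demo_login_hardened` are hypothetical stand-ins): a prompt helper that returns early on an aborted prompt leaves the caller's pointer untouched, so the caller has to start from NULL and the cleanup has to tolerate NULL.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical PIN prompt: `typed` is the user's input, or NULL when the
 * prompt was aborted (ctrl-c / ctrl-d). On abort it returns -1 and never
 * writes to *out, the behaviour the description attributes to the bug. */
static int demo_get_pin(const char *typed, char **out) {
    if (typed == NULL)
        return -1;                  /* *out stays as the caller left it */
    *out = malloc(strlen(typed) + 1);
    if (*out == NULL)
        return -1;
    strcpy(*out, typed);
    return 0;
}

/* Hypothetical wipe-and-free helper that accepts NULL. */
static void demo_cleanse(char *p) {
    if (p == NULL)
        return;
    volatile char *v = p;
    for (size_t i = 0, n = strlen(p); i < n; i++)
        v[i] = 0;
    free(p);
}

/* Vulnerable caller shape, shown as a comment only:
 *     char *pin;                       // indeterminate value
 *     rv = demo_get_pin(typed, &pin);  // abort path never sets pin
 *     cleanse(pin);                    // dereferences garbage, SIGSEGV
 */

/* Hardened caller: returns 0 on success, 1 when the prompt was aborted. */
static int demo_login_hardened(const char *typed) {
    char *pin = NULL;               /* defined state before the call */
    int rv = demo_get_pin(typed, &pin);
    demo_cleanse(pin);              /* safe on both paths */
    return rv == 0 ? 0 : 1;
}

/* Root cause without undefined behaviour: a sentinel stored in the pointer
 * survives an aborted prompt, proving the helper never replaced it. */
static int demo_abort_leaves_pointer_untouched(void) {
    char sentinel;
    char *pin = &sentinel;
    return demo_get_pin(NULL, &pin) == -1 && pin == &sentinel;
}
```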
Affected products (11)
pam_pkcs11-0.6.10, pam_pkcs11-0.6.11, pam_pkcs11-0.6.12, … + 1 more
- (no CPE) range: pam_pkcs11-0.6.10, pam_pkcs11-0.6.11, pam_pkcs11-0.6.12, …
- (no CPE) range: <=0.6.12
- osv-coords (9 versions):
  pkg:rpm/opensuse/pam_pkcs11&distro=openSUSE%20Leap%2015.6
  pkg:rpm/suse/pam_pkcs11&distro=SUSE%20Linux%20Enterprise%20Micro%205.1
  pkg:rpm/suse/pam_pkcs11&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
  pkg:rpm/suse/pam_pkcs11&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
  pkg:rpm/suse/pam_pkcs11&distro=SUSE%20Linux%20Enterprise%20Micro%205.4
  pkg:rpm/suse/pam_pkcs11&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
  pkg:rpm/suse/pam_pkcs11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
  pkg:rpm/suse/pam_pkcs11&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
  pkg:rpm/suse/pam_pkcs11&distro=SUSE%20Linux%20Micro%206.0
< 0.6.10-150600.16.3.1 + 8 more
- (no CPE) range: < 0.6.10-150600.16.3.1
- (no CPE) range: < 0.6.10-150100.3.6.1
- (no CPE) range: < 0.6.10-150100.3.6.1
- (no CPE) range: < 0.6.10-150100.3.6.1
- (no CPE) range: < 0.6.10-150100.3.6.1
- (no CPE) range: < 0.6.10-150100.3.6.1
- (no CPE) range: < 0.6.10-150600.16.3.1
- (no CPE) range: < 0.6.8-7.8.1
- (no CPE) range: < 0.6.12-3.1