vulnerability

SUSE: CVE-2025-24031: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	2025-02-10	2025-03-03	2025-03-03

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

2025-02-10

Added

2025-03-03

Modified

2025-03-03

Description

PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, `pam_get_pwd` will never initialize the password buffer pointer and as such `cleanse` will try to dereference an uninitialized pointer. On my system this pointer happens to have the value 3 most of the time when running sudo and as such it will segfault. The most likely impact to a system affected by this issue is an availability impact due to a daemon that uses PAM crashing. As of time of publication, a patch for the issue is unavailable.

Solution(s)

suse-upgrade-pam_pkcs11suse-upgrade-pam_pkcs11-32bitsuse-upgrade-pam_pkcs11-devel-doc

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today