Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-8941 (GCVE-0-2025-8941)
Vulnerability from cvelistv5
Published
2025-08-13 14:42
Modified
2025-09-11 15:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected: 0:1.1.8-23.el7_9.2 < * cpe:/o:redhat:rhel_els:7 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-13T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-14T03:56:00.871Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.1.8-23.el7_9.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-38.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-8.el8_2.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-14.el8_4.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-14.el8_4.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.6::baseos",
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-16.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.6::baseos",
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-16.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.6::baseos",
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-16.el8_6.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.8::baseos",
"cpe:/o:redhat:rhel_e4s:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-26.el8_8.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.8::baseos",
"cpe:/o:redhat:rhel_e4s:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.3.1-26.el8_8.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-26.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-26.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream",
"cpe:/o:redhat:rhel_e4s:9.0::baseos"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-9.el9_0.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.2::baseos",
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-15.el9_2.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.4::baseos",
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "pam",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.5.1-24.el9_4.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
],
"defaultStatus": "affected",
"packageName": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9",
"product": "Red Hat OpenShift sandboxed containers 1.1",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac",
"versionType": "rpm"
}
]
}
],
"datePublic": "2025-08-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T15:33:55.086Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:14557",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:14557"
},
{
"name": "RHSA-2025:15099",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15099"
},
{
"name": "RHSA-2025:15100",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15100"
},
{
"name": "RHSA-2025:15101",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15101"
},
{
"name": "RHSA-2025:15102",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15102"
},
{
"name": "RHSA-2025:15103",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15103"
},
{
"name": "RHSA-2025:15104",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15104"
},
{
"name": "RHSA-2025:15105",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15105"
},
{
"name": "RHSA-2025:15106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15106"
},
{
"name": "RHSA-2025:15107",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15107"
},
{
"name": "RHSA-2025:15709",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:15709"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"name": "RHBZ#2388220",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-13T12:11:55.270000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-08-13T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Linux-pam: incomplete fix for cve-2025-6020",
"workarounds": [
{
"lang": "en",
"value": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`."
}
],
"x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2025-8941",
"datePublished": "2025-08-13T14:42:37.570Z",
"dateReserved": "2025-08-13T12:24:47.522Z",
"dateUpdated": "2025-09-11T15:33:55.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-8941\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2025-08-13T15:15:41.873\",\"lastModified\":\"2025-09-11T16:15:34.393\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \\\"complete\\\" fix for CVE-2025-6020.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una falla en linux-pam. El m\u00f3dulo pam_namespace podr\u00eda gestionar incorrectamente las rutas controladas por el usuario, lo que permite a los usuarios locales explotar ataques de enlaces simb\u00f3licos y condiciones de ejecuci\u00f3n para elevar sus privilegios a root. Esta CVE proporciona una soluci\u00f3n completa para CVE-2025-6020.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2025:14557\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15099\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15100\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15101\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15102\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15103\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15104\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15105\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15106\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15107\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2025:15709\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-8941\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2388220\",\"source\":\"secalert@redhat.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-8941\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-13T14:50:37.619035Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-13T14:50:43.534Z\"}}], \"cna\": {\"title\": \"Linux-pam: incomplete fix for cve-2025-6020\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:rhel_els:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7 Extended Lifecycle Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.1.8-23.el7_9.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-38.el8_10\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.2::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.2 Advanced Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-8.el8_2.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-14.el8_4.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_aus:8.4::baseos\", \"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-14.el8_4.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_tus:8.6::baseos\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-16.el8_6.3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_tus:8.6::baseos\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-16.el8_6.3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_tus:8.6::baseos\", \"cpe:/o:redhat:rhel_aus:8.6::baseos\", \"cpe:/o:redhat:rhel_e4s:8.6::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-16.el8_6.3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_tus:8.8::baseos\", \"cpe:/o:redhat:rhel_e4s:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Telecommunications Update Service\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-26.el8_8.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_tus:8.8::baseos\", \"cpe:/o:redhat:rhel_e4s:8.8::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.3.1-26.el8_8.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.5.1-26.el9_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\", \"cpe:/o:redhat:enterprise_linux:9::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.5.1-26.el9_6\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.0::appstream\", \"cpe:/o:redhat:rhel_e4s:9.0::baseos\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.5.1-9.el9_0.3\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_e4s:9.2::baseos\", \"cpe:/a:redhat:rhel_e4s:9.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.5.1-15.el9_2.2\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:rhel_eus:9.4::baseos\", \"cpe:/a:redhat:rhel_eus:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.4 Extended Update Support\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"0:1.5.1-24.el9_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"pam\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:confidential_compute_attestation:1.10::el9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift sandboxed containers 1.1\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac\", \"lessThan\": \"*\", \"versionType\": \"rpm\"}], \"packageName\": \"registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9\", \"collectionURL\": \"https://catalog.redhat.com/software/containers/\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-08-13T12:11:55.270000+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2025-08-13T00:00:00+00:00\", \"value\": \"Made public.\"}], \"datePublic\": \"2025-08-13T00:00:00.000Z\", \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2025:14557\", \"name\": \"RHSA-2025:14557\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15099\", \"name\": \"RHSA-2025:15099\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15100\", \"name\": \"RHSA-2025:15100\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15101\", \"name\": \"RHSA-2025:15101\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15102\", \"name\": \"RHSA-2025:15102\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15103\", \"name\": \"RHSA-2025:15103\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15104\", \"name\": \"RHSA-2025:15104\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15105\", \"name\": \"RHSA-2025:15105\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15106\", \"name\": \"RHSA-2025:15106\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15107\", \"name\": \"RHSA-2025:15107\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2025:15709\", \"name\": \"RHSA-2025:15709\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2025-8941\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2388220\", \"name\": \"RHBZ#2388220\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \\\"complete\\\" fix for CVE-2025-6020.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2025-09-11T15:33:55.086Z\"}, \"x_redhatCweChain\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-8941\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-09-11T15:33:55.086Z\", \"dateReserved\": \"2025-08-13T12:24:47.522Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2025-08-13T14:42:37.570Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
rhsa-2025:15100
Vulnerability from csaf_redhat
Published
2025-09-03 00:46
Modified
2025-09-11 15:33
Summary
Red Hat Security Advisory: pam security update
Notes
Topic
An update for pam is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
Security Fix(es):
* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pam is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.\n\nSecurity Fix(es):\n\n* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15100",
"url": "https://access.redhat.com/errata/RHSA-2025:15100"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15100.json"
}
],
"title": "Red Hat Security Advisory: pam security update",
"tracking": {
"current_release_date": "2025-09-11T15:33:49+00:00",
"generator": {
"date": "2025-09-11T15:33:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:15100",
"initial_release_date": "2025-09-03T00:46:48+00:00",
"revision_history": [
{
"date": "2025-09-03T00:46:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-03T00:46:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-11T15:33:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.0::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.0::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.5.1-9.el9_0.3.src",
"product": {
"name": "pam-0:1.5.1-9.el9_0.3.src",
"product_id": "pam-0:1.5.1-9.el9_0.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-9.el9_0.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.5.1-9.el9_0.3.aarch64",
"product": {
"name": "pam-0:1.5.1-9.el9_0.3.aarch64",
"product_id": "pam-0:1.5.1-9.el9_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-9.el9_0.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.aarch64",
"product": {
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.aarch64",
"product_id": "pam-debugsource-0:1.5.1-9.el9_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-9.el9_0.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64",
"product": {
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64",
"product_id": "pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-9.el9_0.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-9.el9_0.3.aarch64",
"product": {
"name": "pam-devel-0:1.5.1-9.el9_0.3.aarch64",
"product_id": "pam-devel-0:1.5.1-9.el9_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-9.el9_0.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-9.el9_0.3.aarch64",
"product": {
"name": "pam-docs-0:1.5.1-9.el9_0.3.aarch64",
"product_id": "pam-docs-0:1.5.1-9.el9_0.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-9.el9_0.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.5.1-9.el9_0.3.ppc64le",
"product": {
"name": "pam-0:1.5.1-9.el9_0.3.ppc64le",
"product_id": "pam-0:1.5.1-9.el9_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-9.el9_0.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le",
"product": {
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le",
"product_id": "pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-9.el9_0.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le",
"product": {
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le",
"product_id": "pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-9.el9_0.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-9.el9_0.3.ppc64le",
"product": {
"name": "pam-devel-0:1.5.1-9.el9_0.3.ppc64le",
"product_id": "pam-devel-0:1.5.1-9.el9_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-9.el9_0.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-9.el9_0.3.ppc64le",
"product": {
"name": "pam-docs-0:1.5.1-9.el9_0.3.ppc64le",
"product_id": "pam-docs-0:1.5.1-9.el9_0.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-9.el9_0.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.5.1-9.el9_0.3.i686",
"product": {
"name": "pam-0:1.5.1-9.el9_0.3.i686",
"product_id": "pam-0:1.5.1-9.el9_0.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-9.el9_0.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.i686",
"product": {
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.i686",
"product_id": "pam-debugsource-0:1.5.1-9.el9_0.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-9.el9_0.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.i686",
"product": {
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.i686",
"product_id": "pam-debuginfo-0:1.5.1-9.el9_0.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-9.el9_0.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-9.el9_0.3.i686",
"product": {
"name": "pam-devel-0:1.5.1-9.el9_0.3.i686",
"product_id": "pam-devel-0:1.5.1-9.el9_0.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-9.el9_0.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.5.1-9.el9_0.3.x86_64",
"product": {
"name": "pam-0:1.5.1-9.el9_0.3.x86_64",
"product_id": "pam-0:1.5.1-9.el9_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-9.el9_0.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.x86_64",
"product": {
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.x86_64",
"product_id": "pam-debugsource-0:1.5.1-9.el9_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-9.el9_0.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64",
"product": {
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64",
"product_id": "pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-9.el9_0.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-9.el9_0.3.x86_64",
"product": {
"name": "pam-devel-0:1.5.1-9.el9_0.3.x86_64",
"product_id": "pam-devel-0:1.5.1-9.el9_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-9.el9_0.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-9.el9_0.3.x86_64",
"product": {
"name": "pam-docs-0:1.5.1-9.el9_0.3.x86_64",
"product_id": "pam-docs-0:1.5.1-9.el9_0.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-9.el9_0.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.5.1-9.el9_0.3.s390x",
"product": {
"name": "pam-0:1.5.1-9.el9_0.3.s390x",
"product_id": "pam-0:1.5.1-9.el9_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-9.el9_0.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.s390x",
"product": {
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.s390x",
"product_id": "pam-debugsource-0:1.5.1-9.el9_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-9.el9_0.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.s390x",
"product": {
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.s390x",
"product_id": "pam-debuginfo-0:1.5.1-9.el9_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-9.el9_0.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-9.el9_0.3.s390x",
"product": {
"name": "pam-devel-0:1.5.1-9.el9_0.3.s390x",
"product_id": "pam-devel-0:1.5.1-9.el9_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-9.el9_0.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-9.el9_0.3.s390x",
"product": {
"name": "pam-docs-0:1.5.1-9.el9_0.3.s390x",
"product_id": "pam-docs-0:1.5.1-9.el9_0.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-9.el9_0.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-9.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.aarch64"
},
"product_reference": "pam-0:1.5.1-9.el9_0.3.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-9.el9_0.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.i686"
},
"product_reference": "pam-0:1.5.1-9.el9_0.3.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-9.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.ppc64le"
},
"product_reference": "pam-0:1.5.1-9.el9_0.3.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-9.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.s390x"
},
"product_reference": "pam-0:1.5.1-9.el9_0.3.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-9.el9_0.3.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.src"
},
"product_reference": "pam-0:1.5.1-9.el9_0.3.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-9.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.x86_64"
},
"product_reference": "pam-0:1.5.1-9.el9_0.3.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64"
},
"product_reference": "pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.i686"
},
"product_reference": "pam-debuginfo-0:1.5.1-9.el9_0.3.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le"
},
"product_reference": "pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.s390x"
},
"product_reference": "pam-debuginfo-0:1.5.1-9.el9_0.3.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64"
},
"product_reference": "pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.aarch64"
},
"product_reference": "pam-debugsource-0:1.5.1-9.el9_0.3.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.i686"
},
"product_reference": "pam-debugsource-0:1.5.1-9.el9_0.3.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le"
},
"product_reference": "pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.s390x"
},
"product_reference": "pam-debugsource-0:1.5.1-9.el9_0.3.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.x86_64"
},
"product_reference": "pam-debugsource-0:1.5.1-9.el9_0.3.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-9.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.aarch64"
},
"product_reference": "pam-devel-0:1.5.1-9.el9_0.3.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-9.el9_0.3.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.i686"
},
"product_reference": "pam-devel-0:1.5.1-9.el9_0.3.i686",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-9.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.ppc64le"
},
"product_reference": "pam-devel-0:1.5.1-9.el9_0.3.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-9.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.s390x"
},
"product_reference": "pam-devel-0:1.5.1-9.el9_0.3.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-9.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.x86_64"
},
"product_reference": "pam-devel-0:1.5.1-9.el9_0.3.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-9.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.aarch64"
},
"product_reference": "pam-docs-0:1.5.1-9.el9_0.3.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-9.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.ppc64le"
},
"product_reference": "pam-docs-0:1.5.1-9.el9_0.3.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-9.el9_0.3.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.s390x"
},
"product_reference": "pam-docs-0:1.5.1-9.el9_0.3.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-9.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"product_id": "AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.x86_64"
},
"product_reference": "pam-docs-0:1.5.1-9.el9_0.3.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-9.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.aarch64"
},
"product_reference": "pam-0:1.5.1-9.el9_0.3.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-9.el9_0.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.i686"
},
"product_reference": "pam-0:1.5.1-9.el9_0.3.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-9.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.ppc64le"
},
"product_reference": "pam-0:1.5.1-9.el9_0.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-9.el9_0.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.s390x"
},
"product_reference": "pam-0:1.5.1-9.el9_0.3.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-9.el9_0.3.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.src"
},
"product_reference": "pam-0:1.5.1-9.el9_0.3.src",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-9.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.x86_64"
},
"product_reference": "pam-0:1.5.1-9.el9_0.3.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64"
},
"product_reference": "pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.i686"
},
"product_reference": "pam-debuginfo-0:1.5.1-9.el9_0.3.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le"
},
"product_reference": "pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.s390x"
},
"product_reference": "pam-debuginfo-0:1.5.1-9.el9_0.3.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64"
},
"product_reference": "pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.aarch64"
},
"product_reference": "pam-debugsource-0:1.5.1-9.el9_0.3.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.i686"
},
"product_reference": "pam-debugsource-0:1.5.1-9.el9_0.3.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le"
},
"product_reference": "pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.s390x"
},
"product_reference": "pam-debugsource-0:1.5.1-9.el9_0.3.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-9.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.x86_64"
},
"product_reference": "pam-debugsource-0:1.5.1-9.el9_0.3.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-9.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.aarch64"
},
"product_reference": "pam-devel-0:1.5.1-9.el9_0.3.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-9.el9_0.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.i686"
},
"product_reference": "pam-devel-0:1.5.1-9.el9_0.3.i686",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-9.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.ppc64le"
},
"product_reference": "pam-devel-0:1.5.1-9.el9_0.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-9.el9_0.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.s390x"
},
"product_reference": "pam-devel-0:1.5.1-9.el9_0.3.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-9.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.x86_64"
},
"product_reference": "pam-devel-0:1.5.1-9.el9_0.3.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-9.el9_0.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.aarch64"
},
"product_reference": "pam-docs-0:1.5.1-9.el9_0.3.aarch64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-9.el9_0.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.ppc64le"
},
"product_reference": "pam-docs-0:1.5.1-9.el9_0.3.ppc64le",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-9.el9_0.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.s390x"
},
"product_reference": "pam-docs-0:1.5.1-9.el9_0.3.s390x",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-9.el9_0.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"product_id": "BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.x86_64"
},
"product_reference": "pam-docs-0:1.5.1-9.el9_0.3.x86_64",
"relates_to_product_reference": "BaseOS-9.0.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.src",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.src",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T00:46:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.src",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.src",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15100"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.src",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.src",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.src",
"AppStream-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.i686",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.x86_64",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.aarch64",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.ppc64le",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.s390x",
"AppStream-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.src",
"BaseOS-9.0.0.Z.E4S:pam-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-debuginfo-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-debugsource-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.i686",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-devel-0:1.5.1-9.el9_0.3.x86_64",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.aarch64",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.ppc64le",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.s390x",
"BaseOS-9.0.0.Z.E4S:pam-docs-0:1.5.1-9.el9_0.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
}
]
}
rhsa-2025:15101
Vulnerability from csaf_redhat
Published
2025-09-03 01:27
Modified
2025-09-11 15:33
Summary
Red Hat Security Advisory: pam security update
Notes
Topic
An update for pam is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
Security Fix(es):
* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pam is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.\n\nSecurity Fix(es):\n\n* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15101",
"url": "https://access.redhat.com/errata/RHSA-2025:15101"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15101.json"
}
],
"title": "Red Hat Security Advisory: pam security update",
"tracking": {
"current_release_date": "2025-09-11T15:33:50+00:00",
"generator": {
"date": "2025-09-11T15:33:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:15101",
"initial_release_date": "2025-09-03T01:27:23+00:00",
"revision_history": [
{
"date": "2025-09-03T01:27:23+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-03T01:27:23+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-11T15:33:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:9.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:9.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.5.1-15.el9_2.2.src",
"product": {
"name": "pam-0:1.5.1-15.el9_2.2.src",
"product_id": "pam-0:1.5.1-15.el9_2.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-15.el9_2.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.5.1-15.el9_2.2.aarch64",
"product": {
"name": "pam-0:1.5.1-15.el9_2.2.aarch64",
"product_id": "pam-0:1.5.1-15.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-15.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.aarch64",
"product": {
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.aarch64",
"product_id": "pam-debugsource-0:1.5.1-15.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-15.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64",
"product": {
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64",
"product_id": "pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-15.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-15.el9_2.2.aarch64",
"product": {
"name": "pam-devel-0:1.5.1-15.el9_2.2.aarch64",
"product_id": "pam-devel-0:1.5.1-15.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-15.el9_2.2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-15.el9_2.2.aarch64",
"product": {
"name": "pam-docs-0:1.5.1-15.el9_2.2.aarch64",
"product_id": "pam-docs-0:1.5.1-15.el9_2.2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-15.el9_2.2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.5.1-15.el9_2.2.ppc64le",
"product": {
"name": "pam-0:1.5.1-15.el9_2.2.ppc64le",
"product_id": "pam-0:1.5.1-15.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-15.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le",
"product": {
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le",
"product_id": "pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-15.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le",
"product": {
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le",
"product_id": "pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-15.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-15.el9_2.2.ppc64le",
"product": {
"name": "pam-devel-0:1.5.1-15.el9_2.2.ppc64le",
"product_id": "pam-devel-0:1.5.1-15.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-15.el9_2.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-15.el9_2.2.ppc64le",
"product": {
"name": "pam-docs-0:1.5.1-15.el9_2.2.ppc64le",
"product_id": "pam-docs-0:1.5.1-15.el9_2.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-15.el9_2.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.5.1-15.el9_2.2.i686",
"product": {
"name": "pam-0:1.5.1-15.el9_2.2.i686",
"product_id": "pam-0:1.5.1-15.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-15.el9_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.i686",
"product": {
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.i686",
"product_id": "pam-debugsource-0:1.5.1-15.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-15.el9_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.i686",
"product": {
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.i686",
"product_id": "pam-debuginfo-0:1.5.1-15.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-15.el9_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-15.el9_2.2.i686",
"product": {
"name": "pam-devel-0:1.5.1-15.el9_2.2.i686",
"product_id": "pam-devel-0:1.5.1-15.el9_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-15.el9_2.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.5.1-15.el9_2.2.x86_64",
"product": {
"name": "pam-0:1.5.1-15.el9_2.2.x86_64",
"product_id": "pam-0:1.5.1-15.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-15.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.x86_64",
"product": {
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.x86_64",
"product_id": "pam-debugsource-0:1.5.1-15.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-15.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64",
"product": {
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64",
"product_id": "pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-15.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-15.el9_2.2.x86_64",
"product": {
"name": "pam-devel-0:1.5.1-15.el9_2.2.x86_64",
"product_id": "pam-devel-0:1.5.1-15.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-15.el9_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-15.el9_2.2.x86_64",
"product": {
"name": "pam-docs-0:1.5.1-15.el9_2.2.x86_64",
"product_id": "pam-docs-0:1.5.1-15.el9_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-15.el9_2.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.5.1-15.el9_2.2.s390x",
"product": {
"name": "pam-0:1.5.1-15.el9_2.2.s390x",
"product_id": "pam-0:1.5.1-15.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-15.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.s390x",
"product": {
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.s390x",
"product_id": "pam-debugsource-0:1.5.1-15.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-15.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.s390x",
"product": {
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.s390x",
"product_id": "pam-debuginfo-0:1.5.1-15.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-15.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-15.el9_2.2.s390x",
"product": {
"name": "pam-devel-0:1.5.1-15.el9_2.2.s390x",
"product_id": "pam-devel-0:1.5.1-15.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-15.el9_2.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-15.el9_2.2.s390x",
"product": {
"name": "pam-docs-0:1.5.1-15.el9_2.2.s390x",
"product_id": "pam-docs-0:1.5.1-15.el9_2.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-15.el9_2.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-15.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.aarch64"
},
"product_reference": "pam-0:1.5.1-15.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-15.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.i686"
},
"product_reference": "pam-0:1.5.1-15.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-15.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.ppc64le"
},
"product_reference": "pam-0:1.5.1-15.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-15.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.s390x"
},
"product_reference": "pam-0:1.5.1-15.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-15.el9_2.2.src as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.src"
},
"product_reference": "pam-0:1.5.1-15.el9_2.2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-15.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.x86_64"
},
"product_reference": "pam-0:1.5.1-15.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64"
},
"product_reference": "pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.i686"
},
"product_reference": "pam-debuginfo-0:1.5.1-15.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le"
},
"product_reference": "pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.s390x"
},
"product_reference": "pam-debuginfo-0:1.5.1-15.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64"
},
"product_reference": "pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.aarch64"
},
"product_reference": "pam-debugsource-0:1.5.1-15.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.i686"
},
"product_reference": "pam-debugsource-0:1.5.1-15.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le"
},
"product_reference": "pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.s390x"
},
"product_reference": "pam-debugsource-0:1.5.1-15.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.x86_64"
},
"product_reference": "pam-debugsource-0:1.5.1-15.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-15.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.aarch64"
},
"product_reference": "pam-devel-0:1.5.1-15.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-15.el9_2.2.i686 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.i686"
},
"product_reference": "pam-devel-0:1.5.1-15.el9_2.2.i686",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-15.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.ppc64le"
},
"product_reference": "pam-devel-0:1.5.1-15.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-15.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.s390x"
},
"product_reference": "pam-devel-0:1.5.1-15.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-15.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.x86_64"
},
"product_reference": "pam-devel-0:1.5.1-15.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-15.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.aarch64"
},
"product_reference": "pam-docs-0:1.5.1-15.el9_2.2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-15.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.ppc64le"
},
"product_reference": "pam-docs-0:1.5.1-15.el9_2.2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-15.el9_2.2.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.s390x"
},
"product_reference": "pam-docs-0:1.5.1-15.el9_2.2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-15.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"product_id": "AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.x86_64"
},
"product_reference": "pam-docs-0:1.5.1-15.el9_2.2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-15.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.aarch64"
},
"product_reference": "pam-0:1.5.1-15.el9_2.2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-15.el9_2.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.i686"
},
"product_reference": "pam-0:1.5.1-15.el9_2.2.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-15.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.ppc64le"
},
"product_reference": "pam-0:1.5.1-15.el9_2.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-15.el9_2.2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.s390x"
},
"product_reference": "pam-0:1.5.1-15.el9_2.2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-15.el9_2.2.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.src"
},
"product_reference": "pam-0:1.5.1-15.el9_2.2.src",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-15.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.x86_64"
},
"product_reference": "pam-0:1.5.1-15.el9_2.2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64"
},
"product_reference": "pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.i686"
},
"product_reference": "pam-debuginfo-0:1.5.1-15.el9_2.2.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le"
},
"product_reference": "pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.s390x"
},
"product_reference": "pam-debuginfo-0:1.5.1-15.el9_2.2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64"
},
"product_reference": "pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.aarch64"
},
"product_reference": "pam-debugsource-0:1.5.1-15.el9_2.2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.i686"
},
"product_reference": "pam-debugsource-0:1.5.1-15.el9_2.2.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le"
},
"product_reference": "pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.s390x"
},
"product_reference": "pam-debugsource-0:1.5.1-15.el9_2.2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-15.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.x86_64"
},
"product_reference": "pam-debugsource-0:1.5.1-15.el9_2.2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-15.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.aarch64"
},
"product_reference": "pam-devel-0:1.5.1-15.el9_2.2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-15.el9_2.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.i686"
},
"product_reference": "pam-devel-0:1.5.1-15.el9_2.2.i686",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-15.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.ppc64le"
},
"product_reference": "pam-devel-0:1.5.1-15.el9_2.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-15.el9_2.2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.s390x"
},
"product_reference": "pam-devel-0:1.5.1-15.el9_2.2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-15.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.x86_64"
},
"product_reference": "pam-devel-0:1.5.1-15.el9_2.2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-15.el9_2.2.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.aarch64"
},
"product_reference": "pam-docs-0:1.5.1-15.el9_2.2.aarch64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-15.el9_2.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.ppc64le"
},
"product_reference": "pam-docs-0:1.5.1-15.el9_2.2.ppc64le",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-15.el9_2.2.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.s390x"
},
"product_reference": "pam-docs-0:1.5.1-15.el9_2.2.s390x",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-15.el9_2.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"product_id": "BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.x86_64"
},
"product_reference": "pam-docs-0:1.5.1-15.el9_2.2.x86_64",
"relates_to_product_reference": "BaseOS-9.2.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.src",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.src",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T01:27:23+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.src",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.src",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15101"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.src",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.src",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.src",
"AppStream-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.i686",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.x86_64",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.aarch64",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.ppc64le",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.s390x",
"AppStream-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.src",
"BaseOS-9.2.0.Z.E4S:pam-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-debuginfo-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-debugsource-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.i686",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-devel-0:1.5.1-15.el9_2.2.x86_64",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.aarch64",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.ppc64le",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.s390x",
"BaseOS-9.2.0.Z.E4S:pam-docs-0:1.5.1-15.el9_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
}
]
}
rhsa-2025:15709
Vulnerability from csaf_redhat
Published
2025-09-11 15:29
Modified
2025-09-11 15:33
Summary
Red Hat Security Advisory: Red Hat OpenShift sandboxed containers release
Notes
Topic
Release of Red Hat OpenShift sandboxed containers.
Details
Red Hat OpenShift sandboxed containers, based on the Kata Containers project.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Release of Red Hat OpenShift sandboxed containers.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat OpenShift sandboxed containers, based on the Kata Containers project.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15709",
"url": "https://access.redhat.com/errata/RHSA-2025:15709"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5914",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-6020",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-8941",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15709.json"
}
],
"title": "Red Hat Security Advisory: Red Hat OpenShift sandboxed containers release",
"tracking": {
"current_release_date": "2025-09-11T15:33:52+00:00",
"generator": {
"date": "2025-09-11T15:33:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:15709",
"initial_release_date": "2025-09-11T15:29:48+00:00",
"revision_history": [
{
"date": "2025-09-11T15:29:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-11T15:29:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-11T15:33:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat OpenShift sandboxed containers 1.1",
"product": {
"name": "Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:confidential_compute_attestation:1.10::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift sandboxed containers"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-cloud-api-adaptor-rhel9@sha256%3A7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757422110"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-cloud-api-adaptor-webhook-rhel9@sha256%3A7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421846"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-dm-verity-image@sha256%3A53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757428967"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-monitor-rhel9@sha256%3A9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421804"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-must-gather-rhel9@sha256%3Ae45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757422070"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-operator-bundle@sha256%3A6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757430223"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-rhel9-operator@sha256%3A616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421890"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-podvm-builder-rhel9@sha256%3A8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421879"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"product_identification_helper": {
"purl": "pkg:oci/osc-podvm-payload-rhel9@sha256%3A8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74?arch=amd64\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757422401"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"product_identification_helper": {
"purl": "pkg:oci/osc-cloud-api-adaptor-rhel9@sha256%3A24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b?arch=s390x\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757422110"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"product_identification_helper": {
"purl": "pkg:oci/osc-cloud-api-adaptor-webhook-rhel9@sha256%3A99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c?arch=s390x\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421846"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"product_identification_helper": {
"purl": "pkg:oci/osc-monitor-rhel9@sha256%3Af5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6?arch=s390x\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421804"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"product_identification_helper": {
"purl": "pkg:oci/osc-must-gather-rhel9@sha256%3A6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108?arch=s390x\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757422070"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x",
"product_identification_helper": {
"purl": "pkg:oci/osc-rhel9-operator@sha256%3A869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d?arch=s390x\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421890"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"product_identification_helper": {
"purl": "pkg:oci/osc-podvm-builder-rhel9@sha256%3Acead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65?arch=s390x\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757421879"
}
}
},
{
"category": "product_version",
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"product": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"product_id": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"product_identification_helper": {
"purl": "pkg:oci/osc-podvm-payload-rhel9@sha256%3A59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac?arch=s390x\u0026repository_url=registry.redhat.io/openshift-sandboxed-containers\u0026tag=1.10.2-1757422401"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64 as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x as a component of Red Hat OpenShift sandboxed containers 1.1",
"product_id": "Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
},
"product_reference": "registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x",
"relates_to_product_reference": "Red Hat OpenShift sandboxed containers 1.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5914",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"discovery_date": "2025-06-06T17:58:25.491000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2370861"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Red Hat Product Security team has rated this vulnerability as High because it allows a local attacker with limited privileges to trigger a double-free in libarchive\u0027s RAR parser by providing a specially crafted RAR archive. Successful exploitation could result in code execution or application crashes.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
],
"known_not_affected": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5914"
},
{
"category": "external",
"summary": "RHBZ#2370861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5914"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5914"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/pull/2598",
"url": "https://github.com/libarchive/libarchive/pull/2598"
},
{
"category": "external",
"summary": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0",
"url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0"
}
],
"release_date": "2025-05-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T15:29:48+00:00",
"details": "A new release of Red Hat OpenShift sandboxed containers.",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15709"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c"
},
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64"
],
"known_not_affected": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T15:29:48+00:00",
"details": "A new release of Red Hat OpenShift sandboxed containers.",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15709"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64"
],
"known_not_affected": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-11T15:29:48+00:00",
"details": "A new release of Red Hat OpenShift sandboxed containers.",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15709"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-rhel9@sha256:7b6bd3411ca5ec140968975d4f11f3ec0686b6fbca0ce05288e041ee2e569a89_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:7b7c0b42ff8814d9d0cfa1b0ec9e58aebe79bc5cfbc658384f026d8493ae6fbe_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-cloud-api-adaptor-webhook-rhel9@sha256:99cc26f9e0e5b0f29cb7f34fe3aa5c974e935fdf21e0f3ad02f1af571113a32c_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-dm-verity-image@sha256:53a7464d8f81eaf0866cf9f84f37cf0d0a3502ad9823e5c1e9676ff326d73de6_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:9ff002e628e5646b5ab3cc9201087847bea29569b4a1bc135b89d5c1a5f0a422_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-monitor-rhel9@sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:6b2da66d287083cf823f6efd8d61ba6a1be10eb6ba8cda484dea4e2ab67ae108_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-must-gather-rhel9@sha256:e45dfb3b2bcc1e13376fc017ba00bbc2966a61c097fdeae8edddfd13b7d69f91_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-operator-bundle@sha256:6a54f96b22c8e407198ef5eb7dd8ad1e0342a39925bdc8bf64f65396d202bf2b_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:8f29671308ca658e32e97d5c3b482f7541aae1bca1b71f39b3276a9a334d8108_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-builder-rhel9@sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac_s390x",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-podvm-payload-rhel9@sha256:8caeae7ffadf08840a47bc90c390ff402dd7db11457bca48f4e08a11e394be74_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:616297cf428a55918fad3653d7aca18fe3c1f622ff63ab9885991bd6dbc6ed65_amd64",
"Red Hat OpenShift sandboxed containers 1.1:registry.redhat.io/openshift-sandboxed-containers/osc-rhel9-operator@sha256:869dabef4a7bf424fb000f5d5f772f02b1c4653fe08fff96ec67e0adf2b2c27d_s390x"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
}
]
}
rhsa-2025:15105
Vulnerability from csaf_redhat
Published
2025-09-03 01:33
Modified
2025-09-11 15:33
Summary
Red Hat Security Advisory: pam security update
Notes
Topic
An update for pam is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
Security Fix(es):
* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pam is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.\n\nSecurity Fix(es):\n\n* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15105",
"url": "https://access.redhat.com/errata/RHSA-2025:15105"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15105.json"
}
],
"title": "Red Hat Security Advisory: pam security update",
"tracking": {
"current_release_date": "2025-09-11T15:33:51+00:00",
"generator": {
"date": "2025-09-11T15:33:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:15105",
"initial_release_date": "2025-09-03T01:33:17+00:00",
"revision_history": [
{
"date": "2025-09-03T01:33:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-03T01:33:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-11T15:33:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.6::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.6::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-16.el8_6.3.src",
"product": {
"name": "pam-0:1.3.1-16.el8_6.3.src",
"product_id": "pam-0:1.3.1-16.el8_6.3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-16.el8_6.3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-16.el8_6.3.i686",
"product": {
"name": "pam-0:1.3.1-16.el8_6.3.i686",
"product_id": "pam-0:1.3.1-16.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-16.el8_6.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-16.el8_6.3.i686",
"product": {
"name": "pam-devel-0:1.3.1-16.el8_6.3.i686",
"product_id": "pam-devel-0:1.3.1-16.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-16.el8_6.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"product": {
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"product_id": "pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-16.el8_6.3?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"product": {
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"product_id": "pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-16.el8_6.3?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-16.el8_6.3.x86_64",
"product": {
"name": "pam-0:1.3.1-16.el8_6.3.x86_64",
"product_id": "pam-0:1.3.1-16.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-16.el8_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-16.el8_6.3.x86_64",
"product": {
"name": "pam-devel-0:1.3.1-16.el8_6.3.x86_64",
"product_id": "pam-devel-0:1.3.1-16.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-16.el8_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"product": {
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"product_id": "pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-16.el8_6.3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"product": {
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"product_id": "pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-16.el8_6.3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-16.el8_6.3.aarch64",
"product": {
"name": "pam-0:1.3.1-16.el8_6.3.aarch64",
"product_id": "pam-0:1.3.1-16.el8_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-16.el8_6.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-16.el8_6.3.aarch64",
"product": {
"name": "pam-devel-0:1.3.1-16.el8_6.3.aarch64",
"product_id": "pam-devel-0:1.3.1-16.el8_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-16.el8_6.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.aarch64",
"product": {
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.aarch64",
"product_id": "pam-debugsource-0:1.3.1-16.el8_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-16.el8_6.3?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.aarch64",
"product": {
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.aarch64",
"product_id": "pam-debuginfo-0:1.3.1-16.el8_6.3.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-16.el8_6.3?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-16.el8_6.3.ppc64le",
"product": {
"name": "pam-0:1.3.1-16.el8_6.3.ppc64le",
"product_id": "pam-0:1.3.1-16.el8_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-16.el8_6.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-16.el8_6.3.ppc64le",
"product": {
"name": "pam-devel-0:1.3.1-16.el8_6.3.ppc64le",
"product_id": "pam-devel-0:1.3.1-16.el8_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-16.el8_6.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.ppc64le",
"product": {
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.ppc64le",
"product_id": "pam-debugsource-0:1.3.1-16.el8_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-16.el8_6.3?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.ppc64le",
"product": {
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.ppc64le",
"product_id": "pam-debuginfo-0:1.3.1-16.el8_6.3.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-16.el8_6.3?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-16.el8_6.3.s390x",
"product": {
"name": "pam-0:1.3.1-16.el8_6.3.s390x",
"product_id": "pam-0:1.3.1-16.el8_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-16.el8_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-16.el8_6.3.s390x",
"product": {
"name": "pam-devel-0:1.3.1-16.el8_6.3.s390x",
"product_id": "pam-devel-0:1.3.1-16.el8_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-16.el8_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.s390x",
"product": {
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.s390x",
"product_id": "pam-debugsource-0:1.3.1-16.el8_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-16.el8_6.3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.s390x",
"product": {
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.s390x",
"product_id": "pam-debuginfo-0:1.3.1-16.el8_6.3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-16.el8_6.3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-16.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:pam-0:1.3.1-16.el8_6.3.i686"
},
"product_reference": "pam-0:1.3.1-16.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-16.el8_6.3.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:pam-0:1.3.1-16.el8_6.3.src"
},
"product_reference": "pam-0:1.3.1-16.el8_6.3.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-16.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:pam-0:1.3.1-16.el8_6.3.x86_64"
},
"product_reference": "pam-0:1.3.1-16.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:pam-debuginfo-0:1.3.1-16.el8_6.3.i686"
},
"product_reference": "pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64"
},
"product_reference": "pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:pam-debugsource-0:1.3.1-16.el8_6.3.i686"
},
"product_reference": "pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:pam-debugsource-0:1.3.1-16.el8_6.3.x86_64"
},
"product_reference": "pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-16.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:pam-devel-0:1.3.1-16.el8_6.3.i686"
},
"product_reference": "pam-devel-0:1.3.1-16.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-16.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.AUS:pam-devel-0:1.3.1-16.el8_6.3.x86_64"
},
"product_reference": "pam-devel-0:1.3.1-16.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-16.el8_6.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.aarch64"
},
"product_reference": "pam-0:1.3.1-16.el8_6.3.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-16.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.i686"
},
"product_reference": "pam-0:1.3.1-16.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-16.el8_6.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.ppc64le"
},
"product_reference": "pam-0:1.3.1-16.el8_6.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-16.el8_6.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.s390x"
},
"product_reference": "pam-0:1.3.1-16.el8_6.3.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-16.el8_6.3.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.src"
},
"product_reference": "pam-0:1.3.1-16.el8_6.3.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-16.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.x86_64"
},
"product_reference": "pam-0:1.3.1-16.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.aarch64"
},
"product_reference": "pam-debuginfo-0:1.3.1-16.el8_6.3.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.i686"
},
"product_reference": "pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.ppc64le"
},
"product_reference": "pam-debuginfo-0:1.3.1-16.el8_6.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.s390x"
},
"product_reference": "pam-debuginfo-0:1.3.1-16.el8_6.3.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64"
},
"product_reference": "pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.aarch64"
},
"product_reference": "pam-debugsource-0:1.3.1-16.el8_6.3.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.i686"
},
"product_reference": "pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.ppc64le"
},
"product_reference": "pam-debugsource-0:1.3.1-16.el8_6.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.s390x"
},
"product_reference": "pam-debugsource-0:1.3.1-16.el8_6.3.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.x86_64"
},
"product_reference": "pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-16.el8_6.3.aarch64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.aarch64"
},
"product_reference": "pam-devel-0:1.3.1-16.el8_6.3.aarch64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-16.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.i686"
},
"product_reference": "pam-devel-0:1.3.1-16.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-16.el8_6.3.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.ppc64le"
},
"product_reference": "pam-devel-0:1.3.1-16.el8_6.3.ppc64le",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-16.el8_6.3.s390x as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.s390x"
},
"product_reference": "pam-devel-0:1.3.1-16.el8_6.3.s390x",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-16.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.x86_64"
},
"product_reference": "pam-devel-0:1.3.1-16.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-16.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:pam-0:1.3.1-16.el8_6.3.i686"
},
"product_reference": "pam-0:1.3.1-16.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-16.el8_6.3.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:pam-0:1.3.1-16.el8_6.3.src"
},
"product_reference": "pam-0:1.3.1-16.el8_6.3.src",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-16.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:pam-0:1.3.1-16.el8_6.3.x86_64"
},
"product_reference": "pam-0:1.3.1-16.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:pam-debuginfo-0:1.3.1-16.el8_6.3.i686"
},
"product_reference": "pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64"
},
"product_reference": "pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:pam-debugsource-0:1.3.1-16.el8_6.3.i686"
},
"product_reference": "pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-16.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:pam-debugsource-0:1.3.1-16.el8_6.3.x86_64"
},
"product_reference": "pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-16.el8_6.3.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:pam-devel-0:1.3.1-16.el8_6.3.i686"
},
"product_reference": "pam-devel-0:1.3.1-16.el8_6.3.i686",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-16.el8_6.3.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"product_id": "BaseOS-8.6.0.Z.TUS:pam-devel-0:1.3.1-16.el8_6.3.x86_64"
},
"product_reference": "pam-devel-0:1.3.1-16.el8_6.3.x86_64",
"relates_to_product_reference": "BaseOS-8.6.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.6.0.Z.AUS:pam-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-0:1.3.1-16.el8_6.3.src",
"BaseOS-8.6.0.Z.AUS:pam-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:pam-devel-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-devel-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.src",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-0:1.3.1-16.el8_6.3.src",
"BaseOS-8.6.0.Z.TUS:pam-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-devel-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-devel-0:1.3.1-16.el8_6.3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T01:33:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:pam-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-0:1.3.1-16.el8_6.3.src",
"BaseOS-8.6.0.Z.AUS:pam-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:pam-devel-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-devel-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.src",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-0:1.3.1-16.el8_6.3.src",
"BaseOS-8.6.0.Z.TUS:pam-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-devel-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-devel-0:1.3.1-16.el8_6.3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15105"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"BaseOS-8.6.0.Z.AUS:pam-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-0:1.3.1-16.el8_6.3.src",
"BaseOS-8.6.0.Z.AUS:pam-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:pam-devel-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-devel-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.src",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-0:1.3.1-16.el8_6.3.src",
"BaseOS-8.6.0.Z.TUS:pam-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-devel-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-devel-0:1.3.1-16.el8_6.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.6.0.Z.AUS:pam-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-0:1.3.1-16.el8_6.3.src",
"BaseOS-8.6.0.Z.AUS:pam-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.AUS:pam-devel-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.AUS:pam-devel-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.src",
"BaseOS-8.6.0.Z.E4S:pam-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.aarch64",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.ppc64le",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.s390x",
"BaseOS-8.6.0.Z.E4S:pam-devel-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-0:1.3.1-16.el8_6.3.src",
"BaseOS-8.6.0.Z.TUS:pam-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-debuginfo-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-debuginfo-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-debugsource-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-debugsource-0:1.3.1-16.el8_6.3.x86_64",
"BaseOS-8.6.0.Z.TUS:pam-devel-0:1.3.1-16.el8_6.3.i686",
"BaseOS-8.6.0.Z.TUS:pam-devel-0:1.3.1-16.el8_6.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
}
]
}
rhsa-2025:15106
Vulnerability from csaf_redhat
Published
2025-09-03 01:33
Modified
2025-09-11 15:33
Summary
Red Hat Security Advisory: pam security update
Notes
Topic
An update for pam is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
Security Fix(es):
* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pam is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.\n\nSecurity Fix(es):\n\n* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15106",
"url": "https://access.redhat.com/errata/RHSA-2025:15106"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15106.json"
}
],
"title": "Red Hat Security Advisory: pam security update",
"tracking": {
"current_release_date": "2025-09-11T15:33:52+00:00",
"generator": {
"date": "2025-09-11T15:33:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:15106",
"initial_release_date": "2025-09-03T01:33:37+00:00",
"revision_history": [
{
"date": "2025-09-03T01:33:37+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-03T01:33:37+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-11T15:33:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_els:7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.1.8-23.el7_9.2.src",
"product": {
"name": "pam-0:1.1.8-23.el7_9.2.src",
"product_id": "pam-0:1.1.8-23.el7_9.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.1.8-23.el7_9.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.1.8-23.el7_9.2.ppc",
"product": {
"name": "pam-0:1.1.8-23.el7_9.2.ppc",
"product_id": "pam-0:1.1.8-23.el7_9.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.1.8-23.el7_9.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.1.8-23.el7_9.2.ppc",
"product": {
"name": "pam-devel-0:1.1.8-23.el7_9.2.ppc",
"product_id": "pam-devel-0:1.1.8-23.el7_9.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.1.8-23.el7_9.2?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.ppc",
"product": {
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.ppc",
"product_id": "pam-debuginfo-0:1.1.8-23.el7_9.2.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.1.8-23.el7_9.2?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.1.8-23.el7_9.2.ppc64",
"product": {
"name": "pam-0:1.1.8-23.el7_9.2.ppc64",
"product_id": "pam-0:1.1.8-23.el7_9.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.1.8-23.el7_9.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.1.8-23.el7_9.2.ppc64",
"product": {
"name": "pam-devel-0:1.1.8-23.el7_9.2.ppc64",
"product_id": "pam-devel-0:1.1.8-23.el7_9.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.1.8-23.el7_9.2?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64",
"product": {
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64",
"product_id": "pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.1.8-23.el7_9.2?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.1.8-23.el7_9.2.s390",
"product": {
"name": "pam-0:1.1.8-23.el7_9.2.s390",
"product_id": "pam-0:1.1.8-23.el7_9.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.1.8-23.el7_9.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.1.8-23.el7_9.2.s390",
"product": {
"name": "pam-devel-0:1.1.8-23.el7_9.2.s390",
"product_id": "pam-devel-0:1.1.8-23.el7_9.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.1.8-23.el7_9.2?arch=s390"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.s390",
"product": {
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.s390",
"product_id": "pam-debuginfo-0:1.1.8-23.el7_9.2.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.1.8-23.el7_9.2?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.1.8-23.el7_9.2.s390x",
"product": {
"name": "pam-0:1.1.8-23.el7_9.2.s390x",
"product_id": "pam-0:1.1.8-23.el7_9.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.1.8-23.el7_9.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.1.8-23.el7_9.2.s390x",
"product": {
"name": "pam-devel-0:1.1.8-23.el7_9.2.s390x",
"product_id": "pam-devel-0:1.1.8-23.el7_9.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.1.8-23.el7_9.2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.s390x",
"product": {
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.s390x",
"product_id": "pam-debuginfo-0:1.1.8-23.el7_9.2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.1.8-23.el7_9.2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.1.8-23.el7_9.2.x86_64",
"product": {
"name": "pam-0:1.1.8-23.el7_9.2.x86_64",
"product_id": "pam-0:1.1.8-23.el7_9.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.1.8-23.el7_9.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.1.8-23.el7_9.2.x86_64",
"product": {
"name": "pam-devel-0:1.1.8-23.el7_9.2.x86_64",
"product_id": "pam-devel-0:1.1.8-23.el7_9.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.1.8-23.el7_9.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.x86_64",
"product": {
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.x86_64",
"product_id": "pam-debuginfo-0:1.1.8-23.el7_9.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.1.8-23.el7_9.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.1.8-23.el7_9.2.i686",
"product": {
"name": "pam-0:1.1.8-23.el7_9.2.i686",
"product_id": "pam-0:1.1.8-23.el7_9.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.1.8-23.el7_9.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.1.8-23.el7_9.2.i686",
"product": {
"name": "pam-devel-0:1.1.8-23.el7_9.2.i686",
"product_id": "pam-devel-0:1.1.8-23.el7_9.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.1.8-23.el7_9.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.i686",
"product": {
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.i686",
"product_id": "pam-debuginfo-0:1.1.8-23.el7_9.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.1.8-23.el7_9.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.1.8-23.el7_9.2.ppc64le",
"product": {
"name": "pam-0:1.1.8-23.el7_9.2.ppc64le",
"product_id": "pam-0:1.1.8-23.el7_9.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.1.8-23.el7_9.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.1.8-23.el7_9.2.ppc64le",
"product": {
"name": "pam-devel-0:1.1.8-23.el7_9.2.ppc64le",
"product_id": "pam-devel-0:1.1.8-23.el7_9.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.1.8-23.el7_9.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64le",
"product": {
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64le",
"product_id": "pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.1.8-23.el7_9.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.1.8-23.el7_9.2.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-0:1.1.8-23.el7_9.2.i686"
},
"product_reference": "pam-0:1.1.8-23.el7_9.2.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.1.8-23.el7_9.2.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-0:1.1.8-23.el7_9.2.ppc"
},
"product_reference": "pam-0:1.1.8-23.el7_9.2.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.1.8-23.el7_9.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-0:1.1.8-23.el7_9.2.ppc64"
},
"product_reference": "pam-0:1.1.8-23.el7_9.2.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.1.8-23.el7_9.2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-0:1.1.8-23.el7_9.2.ppc64le"
},
"product_reference": "pam-0:1.1.8-23.el7_9.2.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.1.8-23.el7_9.2.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-0:1.1.8-23.el7_9.2.s390"
},
"product_reference": "pam-0:1.1.8-23.el7_9.2.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.1.8-23.el7_9.2.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-0:1.1.8-23.el7_9.2.s390x"
},
"product_reference": "pam-0:1.1.8-23.el7_9.2.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.1.8-23.el7_9.2.src as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-0:1.1.8-23.el7_9.2.src"
},
"product_reference": "pam-0:1.1.8-23.el7_9.2.src",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.1.8-23.el7_9.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-0:1.1.8-23.el7_9.2.x86_64"
},
"product_reference": "pam-0:1.1.8-23.el7_9.2.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.i686"
},
"product_reference": "pam-debuginfo-0:1.1.8-23.el7_9.2.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.ppc"
},
"product_reference": "pam-debuginfo-0:1.1.8-23.el7_9.2.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64"
},
"product_reference": "pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64le"
},
"product_reference": "pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.s390"
},
"product_reference": "pam-debuginfo-0:1.1.8-23.el7_9.2.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.s390x"
},
"product_reference": "pam-debuginfo-0:1.1.8-23.el7_9.2.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.1.8-23.el7_9.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.x86_64"
},
"product_reference": "pam-debuginfo-0:1.1.8-23.el7_9.2.x86_64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.1.8-23.el7_9.2.i686 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.i686"
},
"product_reference": "pam-devel-0:1.1.8-23.el7_9.2.i686",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.1.8-23.el7_9.2.ppc as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.ppc"
},
"product_reference": "pam-devel-0:1.1.8-23.el7_9.2.ppc",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.1.8-23.el7_9.2.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.ppc64"
},
"product_reference": "pam-devel-0:1.1.8-23.el7_9.2.ppc64",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.1.8-23.el7_9.2.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.ppc64le"
},
"product_reference": "pam-devel-0:1.1.8-23.el7_9.2.ppc64le",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.1.8-23.el7_9.2.s390 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.s390"
},
"product_reference": "pam-devel-0:1.1.8-23.el7_9.2.s390",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.1.8-23.el7_9.2.s390x as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.s390x"
},
"product_reference": "pam-devel-0:1.1.8-23.el7_9.2.s390x",
"relates_to_product_reference": "7Server-ELS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.1.8-23.el7_9.2.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7 ELS)",
"product_id": "7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.x86_64"
},
"product_reference": "pam-devel-0:1.1.8-23.el7_9.2.x86_64",
"relates_to_product_reference": "7Server-ELS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.i686",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.ppc",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.ppc64",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.ppc64le",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.s390",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.s390x",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.src",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.x86_64",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.i686",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.ppc",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64le",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.s390",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.s390x",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.x86_64",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.i686",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.ppc",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.ppc64",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.ppc64le",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.s390",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.s390x",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T01:33:37+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.i686",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.ppc",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.ppc64",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.ppc64le",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.s390",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.s390x",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.src",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.x86_64",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.i686",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.ppc",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64le",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.s390",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.s390x",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.x86_64",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.i686",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.ppc",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.ppc64",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.ppc64le",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.s390",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.s390x",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15106"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.i686",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.ppc",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.ppc64",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.ppc64le",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.s390",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.s390x",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.src",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.x86_64",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.i686",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.ppc",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64le",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.s390",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.s390x",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.x86_64",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.i686",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.ppc",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.ppc64",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.ppc64le",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.s390",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.s390x",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.i686",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.ppc",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.ppc64",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.ppc64le",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.s390",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.s390x",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.src",
"7Server-ELS:pam-0:1.1.8-23.el7_9.2.x86_64",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.i686",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.ppc",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.ppc64le",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.s390",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.s390x",
"7Server-ELS:pam-debuginfo-0:1.1.8-23.el7_9.2.x86_64",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.i686",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.ppc",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.ppc64",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.ppc64le",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.s390",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.s390x",
"7Server-ELS:pam-devel-0:1.1.8-23.el7_9.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
}
]
}
rhsa-2025:14557
Vulnerability from csaf_redhat
Published
2025-08-26 01:34
Modified
2025-09-11 15:33
Summary
Red Hat Security Advisory: pam security update
Notes
Topic
An update for pam is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
Security Fix(es):
* linux-pam: Linux-pam directory Traversal (CVE-2025-6020)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pam is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.\n\nSecurity Fix(es):\n\n* linux-pam: Linux-pam directory Traversal (CVE-2025-6020)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:14557",
"url": "https://access.redhat.com/errata/RHSA-2025:14557"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_14557.json"
}
],
"title": "Red Hat Security Advisory: pam security update",
"tracking": {
"current_release_date": "2025-09-11T15:33:45+00:00",
"generator": {
"date": "2025-09-11T15:33:45+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:14557",
"initial_release_date": "2025-08-26T01:34:29+00:00",
"revision_history": [
{
"date": "2025-08-26T01:34:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-08-26T01:34:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-11T15:33:45+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-38.el8_10.src",
"product": {
"name": "pam-0:1.3.1-38.el8_10.src",
"product_id": "pam-0:1.3.1-38.el8_10.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-38.el8_10?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-38.el8_10.aarch64",
"product": {
"name": "pam-0:1.3.1-38.el8_10.aarch64",
"product_id": "pam-0:1.3.1-38.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-38.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-38.el8_10.aarch64",
"product": {
"name": "pam-devel-0:1.3.1-38.el8_10.aarch64",
"product_id": "pam-devel-0:1.3.1-38.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-38.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-38.el8_10.aarch64",
"product": {
"name": "pam-debugsource-0:1.3.1-38.el8_10.aarch64",
"product_id": "pam-debugsource-0:1.3.1-38.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-38.el8_10?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-38.el8_10.aarch64",
"product": {
"name": "pam-debuginfo-0:1.3.1-38.el8_10.aarch64",
"product_id": "pam-debuginfo-0:1.3.1-38.el8_10.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-38.el8_10?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-38.el8_10.ppc64le",
"product": {
"name": "pam-0:1.3.1-38.el8_10.ppc64le",
"product_id": "pam-0:1.3.1-38.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-38.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-38.el8_10.ppc64le",
"product": {
"name": "pam-devel-0:1.3.1-38.el8_10.ppc64le",
"product_id": "pam-devel-0:1.3.1-38.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-38.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-38.el8_10.ppc64le",
"product": {
"name": "pam-debugsource-0:1.3.1-38.el8_10.ppc64le",
"product_id": "pam-debugsource-0:1.3.1-38.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-38.el8_10?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-38.el8_10.ppc64le",
"product": {
"name": "pam-debuginfo-0:1.3.1-38.el8_10.ppc64le",
"product_id": "pam-debuginfo-0:1.3.1-38.el8_10.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-38.el8_10?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-38.el8_10.i686",
"product": {
"name": "pam-0:1.3.1-38.el8_10.i686",
"product_id": "pam-0:1.3.1-38.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-38.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-38.el8_10.i686",
"product": {
"name": "pam-devel-0:1.3.1-38.el8_10.i686",
"product_id": "pam-devel-0:1.3.1-38.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-38.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-38.el8_10.i686",
"product": {
"name": "pam-debugsource-0:1.3.1-38.el8_10.i686",
"product_id": "pam-debugsource-0:1.3.1-38.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-38.el8_10?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-38.el8_10.i686",
"product": {
"name": "pam-debuginfo-0:1.3.1-38.el8_10.i686",
"product_id": "pam-debuginfo-0:1.3.1-38.el8_10.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-38.el8_10?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-38.el8_10.x86_64",
"product": {
"name": "pam-0:1.3.1-38.el8_10.x86_64",
"product_id": "pam-0:1.3.1-38.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-38.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-38.el8_10.x86_64",
"product": {
"name": "pam-devel-0:1.3.1-38.el8_10.x86_64",
"product_id": "pam-devel-0:1.3.1-38.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-38.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-38.el8_10.x86_64",
"product": {
"name": "pam-debugsource-0:1.3.1-38.el8_10.x86_64",
"product_id": "pam-debugsource-0:1.3.1-38.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-38.el8_10?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-38.el8_10.x86_64",
"product": {
"name": "pam-debuginfo-0:1.3.1-38.el8_10.x86_64",
"product_id": "pam-debuginfo-0:1.3.1-38.el8_10.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-38.el8_10?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-38.el8_10.s390x",
"product": {
"name": "pam-0:1.3.1-38.el8_10.s390x",
"product_id": "pam-0:1.3.1-38.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-38.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-38.el8_10.s390x",
"product": {
"name": "pam-devel-0:1.3.1-38.el8_10.s390x",
"product_id": "pam-devel-0:1.3.1-38.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-38.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-38.el8_10.s390x",
"product": {
"name": "pam-debugsource-0:1.3.1-38.el8_10.s390x",
"product_id": "pam-debugsource-0:1.3.1-38.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-38.el8_10?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-38.el8_10.s390x",
"product": {
"name": "pam-debuginfo-0:1.3.1-38.el8_10.s390x",
"product_id": "pam-debuginfo-0:1.3.1-38.el8_10.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-38.el8_10?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-38.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.aarch64"
},
"product_reference": "pam-0:1.3.1-38.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-38.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.i686"
},
"product_reference": "pam-0:1.3.1-38.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-38.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.ppc64le"
},
"product_reference": "pam-0:1.3.1-38.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-38.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.s390x"
},
"product_reference": "pam-0:1.3.1-38.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-38.el8_10.src as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.src"
},
"product_reference": "pam-0:1.3.1-38.el8_10.src",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-38.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.x86_64"
},
"product_reference": "pam-0:1.3.1-38.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-38.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.aarch64"
},
"product_reference": "pam-debuginfo-0:1.3.1-38.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-38.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.i686"
},
"product_reference": "pam-debuginfo-0:1.3.1-38.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-38.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.ppc64le"
},
"product_reference": "pam-debuginfo-0:1.3.1-38.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-38.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.s390x"
},
"product_reference": "pam-debuginfo-0:1.3.1-38.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-38.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.x86_64"
},
"product_reference": "pam-debuginfo-0:1.3.1-38.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-38.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.aarch64"
},
"product_reference": "pam-debugsource-0:1.3.1-38.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-38.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.i686"
},
"product_reference": "pam-debugsource-0:1.3.1-38.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-38.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.ppc64le"
},
"product_reference": "pam-debugsource-0:1.3.1-38.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-38.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.s390x"
},
"product_reference": "pam-debugsource-0:1.3.1-38.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-38.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.x86_64"
},
"product_reference": "pam-debugsource-0:1.3.1-38.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-38.el8_10.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.aarch64"
},
"product_reference": "pam-devel-0:1.3.1-38.el8_10.aarch64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-38.el8_10.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.i686"
},
"product_reference": "pam-devel-0:1.3.1-38.el8_10.i686",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-38.el8_10.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.ppc64le"
},
"product_reference": "pam-devel-0:1.3.1-38.el8_10.ppc64le",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-38.el8_10.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.s390x"
},
"product_reference": "pam-devel-0:1.3.1-38.el8_10.s390x",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-38.el8_10.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 8)",
"product_id": "BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.x86_64"
},
"product_reference": "pam-devel-0:1.3.1-38.el8_10.x86_64",
"relates_to_product_reference": "BaseOS-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-26T01:34:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14557"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-08-26T01:34:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:14557"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.src",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debuginfo-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-debugsource-0:1.3.1-38.el8_10.x86_64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.aarch64",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.i686",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.ppc64le",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.s390x",
"BaseOS-8.10.0.Z.MAIN.EUS:pam-devel-0:1.3.1-38.el8_10.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
}
]
}
rhsa-2025:15104
Vulnerability from csaf_redhat
Published
2025-09-03 01:29
Modified
2025-09-11 15:33
Summary
Red Hat Security Advisory: pam security update
Notes
Topic
An update for pam is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
Security Fix(es):
* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pam is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.\n\nSecurity Fix(es):\n\n* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15104",
"url": "https://access.redhat.com/errata/RHSA-2025:15104"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15104.json"
}
],
"title": "Red Hat Security Advisory: pam security update",
"tracking": {
"current_release_date": "2025-09-11T15:33:51+00:00",
"generator": {
"date": "2025-09-11T15:33:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:15104",
"initial_release_date": "2025-09-03T01:29:07+00:00",
"revision_history": [
{
"date": "2025-09-03T01:29:07+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-03T01:29:07+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-11T15:33:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.4::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-14.el8_4.2.src",
"product": {
"name": "pam-0:1.3.1-14.el8_4.2.src",
"product_id": "pam-0:1.3.1-14.el8_4.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-14.el8_4.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-14.el8_4.2.i686",
"product": {
"name": "pam-0:1.3.1-14.el8_4.2.i686",
"product_id": "pam-0:1.3.1-14.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-14.el8_4.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-14.el8_4.2.i686",
"product": {
"name": "pam-devel-0:1.3.1-14.el8_4.2.i686",
"product_id": "pam-devel-0:1.3.1-14.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-14.el8_4.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-14.el8_4.2.i686",
"product": {
"name": "pam-debugsource-0:1.3.1-14.el8_4.2.i686",
"product_id": "pam-debugsource-0:1.3.1-14.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-14.el8_4.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-14.el8_4.2.i686",
"product": {
"name": "pam-debuginfo-0:1.3.1-14.el8_4.2.i686",
"product_id": "pam-debuginfo-0:1.3.1-14.el8_4.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-14.el8_4.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-14.el8_4.2.x86_64",
"product": {
"name": "pam-0:1.3.1-14.el8_4.2.x86_64",
"product_id": "pam-0:1.3.1-14.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-14.el8_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-14.el8_4.2.x86_64",
"product": {
"name": "pam-devel-0:1.3.1-14.el8_4.2.x86_64",
"product_id": "pam-devel-0:1.3.1-14.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-14.el8_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-14.el8_4.2.x86_64",
"product": {
"name": "pam-debugsource-0:1.3.1-14.el8_4.2.x86_64",
"product_id": "pam-debugsource-0:1.3.1-14.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-14.el8_4.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64",
"product": {
"name": "pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64",
"product_id": "pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-14.el8_4.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-14.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:pam-0:1.3.1-14.el8_4.2.i686"
},
"product_reference": "pam-0:1.3.1-14.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-14.el8_4.2.src as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:pam-0:1.3.1-14.el8_4.2.src"
},
"product_reference": "pam-0:1.3.1-14.el8_4.2.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-14.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:pam-0:1.3.1-14.el8_4.2.x86_64"
},
"product_reference": "pam-0:1.3.1-14.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-14.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:pam-debuginfo-0:1.3.1-14.el8_4.2.i686"
},
"product_reference": "pam-debuginfo-0:1.3.1-14.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64"
},
"product_reference": "pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-14.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:pam-debugsource-0:1.3.1-14.el8_4.2.i686"
},
"product_reference": "pam-debugsource-0:1.3.1-14.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-14.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:pam-debugsource-0:1.3.1-14.el8_4.2.x86_64"
},
"product_reference": "pam-debugsource-0:1.3.1-14.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-14.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:pam-devel-0:1.3.1-14.el8_4.2.i686"
},
"product_reference": "pam-devel-0:1.3.1-14.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-14.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.AUS:pam-devel-0:1.3.1-14.el8_4.2.x86_64"
},
"product_reference": "pam-devel-0:1.3.1-14.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-14.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:pam-0:1.3.1-14.el8_4.2.i686"
},
"product_reference": "pam-0:1.3.1-14.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-14.el8_4.2.src as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:pam-0:1.3.1-14.el8_4.2.src"
},
"product_reference": "pam-0:1.3.1-14.el8_4.2.src",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-14.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:pam-0:1.3.1-14.el8_4.2.x86_64"
},
"product_reference": "pam-0:1.3.1-14.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-14.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debuginfo-0:1.3.1-14.el8_4.2.i686"
},
"product_reference": "pam-debuginfo-0:1.3.1-14.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64"
},
"product_reference": "pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-14.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debugsource-0:1.3.1-14.el8_4.2.i686"
},
"product_reference": "pam-debugsource-0:1.3.1-14.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-14.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debugsource-0:1.3.1-14.el8_4.2.x86_64"
},
"product_reference": "pam-debugsource-0:1.3.1-14.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-14.el8_4.2.i686 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:pam-devel-0:1.3.1-14.el8_4.2.i686"
},
"product_reference": "pam-devel-0:1.3.1-14.el8_4.2.i686",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-14.el8_4.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"product_id": "BaseOS-8.4.0.Z.EUS.EXTENSION:pam-devel-0:1.3.1-14.el8_4.2.x86_64"
},
"product_reference": "pam-devel-0:1.3.1-14.el8_4.2.x86_64",
"relates_to_product_reference": "BaseOS-8.4.0.Z.EUS.EXTENSION"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.4.0.Z.AUS:pam-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-0:1.3.1-14.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:pam-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:pam-debuginfo-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:pam-debugsource-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-debugsource-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:pam-devel-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-devel-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-0:1.3.1-14.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debuginfo-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debugsource-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debugsource-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-devel-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-devel-0:1.3.1-14.el8_4.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T01:29:07+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:pam-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-0:1.3.1-14.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:pam-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:pam-debuginfo-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:pam-debugsource-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-debugsource-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:pam-devel-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-devel-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-0:1.3.1-14.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debuginfo-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debugsource-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debugsource-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-devel-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-devel-0:1.3.1-14.el8_4.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15104"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"BaseOS-8.4.0.Z.AUS:pam-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-0:1.3.1-14.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:pam-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:pam-debuginfo-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:pam-debugsource-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-debugsource-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:pam-devel-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-devel-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-0:1.3.1-14.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debuginfo-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debugsource-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debugsource-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-devel-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-devel-0:1.3.1-14.el8_4.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.4.0.Z.AUS:pam-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-0:1.3.1-14.el8_4.2.src",
"BaseOS-8.4.0.Z.AUS:pam-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:pam-debuginfo-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:pam-debugsource-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-debugsource-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.AUS:pam-devel-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.AUS:pam-devel-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-0:1.3.1-14.el8_4.2.src",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debuginfo-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debuginfo-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debugsource-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-debugsource-0:1.3.1-14.el8_4.2.x86_64",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-devel-0:1.3.1-14.el8_4.2.i686",
"BaseOS-8.4.0.Z.EUS.EXTENSION:pam-devel-0:1.3.1-14.el8_4.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
}
]
}
rhsa-2025:15107
Vulnerability from csaf_redhat
Published
2025-09-03 01:15
Modified
2025-09-11 15:33
Summary
Red Hat Security Advisory: pam security update
Notes
Topic
An update for pam is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
Security Fix(es):
* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pam is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.\n\nSecurity Fix(es):\n\n* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15107",
"url": "https://access.redhat.com/errata/RHSA-2025:15107"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15107.json"
}
],
"title": "Red Hat Security Advisory: pam security update",
"tracking": {
"current_release_date": "2025-09-11T15:33:52+00:00",
"generator": {
"date": "2025-09-11T15:33:52+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:15107",
"initial_release_date": "2025-09-03T01:15:27+00:00",
"revision_history": [
{
"date": "2025-09-03T01:15:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-03T01:15:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-11T15:33:52+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_aus:8.2::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-8.el8_2.2.src",
"product": {
"name": "pam-0:1.3.1-8.el8_2.2.src",
"product_id": "pam-0:1.3.1-8.el8_2.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-8.el8_2.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-8.el8_2.2.i686",
"product": {
"name": "pam-0:1.3.1-8.el8_2.2.i686",
"product_id": "pam-0:1.3.1-8.el8_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-8.el8_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-8.el8_2.2.i686",
"product": {
"name": "pam-devel-0:1.3.1-8.el8_2.2.i686",
"product_id": "pam-devel-0:1.3.1-8.el8_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-8.el8_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-8.el8_2.2.i686",
"product": {
"name": "pam-debugsource-0:1.3.1-8.el8_2.2.i686",
"product_id": "pam-debugsource-0:1.3.1-8.el8_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-8.el8_2.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-8.el8_2.2.i686",
"product": {
"name": "pam-debuginfo-0:1.3.1-8.el8_2.2.i686",
"product_id": "pam-debuginfo-0:1.3.1-8.el8_2.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-8.el8_2.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-8.el8_2.2.x86_64",
"product": {
"name": "pam-0:1.3.1-8.el8_2.2.x86_64",
"product_id": "pam-0:1.3.1-8.el8_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-8.el8_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-8.el8_2.2.x86_64",
"product": {
"name": "pam-devel-0:1.3.1-8.el8_2.2.x86_64",
"product_id": "pam-devel-0:1.3.1-8.el8_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-8.el8_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-8.el8_2.2.x86_64",
"product": {
"name": "pam-debugsource-0:1.3.1-8.el8_2.2.x86_64",
"product_id": "pam-debugsource-0:1.3.1-8.el8_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-8.el8_2.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-8.el8_2.2.x86_64",
"product": {
"name": "pam-debuginfo-0:1.3.1-8.el8_2.2.x86_64",
"product_id": "pam-debuginfo-0:1.3.1-8.el8_2.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-8.el8_2.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-8.el8_2.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:pam-0:1.3.1-8.el8_2.2.i686"
},
"product_reference": "pam-0:1.3.1-8.el8_2.2.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-8.el8_2.2.src as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:pam-0:1.3.1-8.el8_2.2.src"
},
"product_reference": "pam-0:1.3.1-8.el8_2.2.src",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-8.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:pam-0:1.3.1-8.el8_2.2.x86_64"
},
"product_reference": "pam-0:1.3.1-8.el8_2.2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-8.el8_2.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:pam-debuginfo-0:1.3.1-8.el8_2.2.i686"
},
"product_reference": "pam-debuginfo-0:1.3.1-8.el8_2.2.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-8.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:pam-debuginfo-0:1.3.1-8.el8_2.2.x86_64"
},
"product_reference": "pam-debuginfo-0:1.3.1-8.el8_2.2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-8.el8_2.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:pam-debugsource-0:1.3.1-8.el8_2.2.i686"
},
"product_reference": "pam-debugsource-0:1.3.1-8.el8_2.2.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-8.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:pam-debugsource-0:1.3.1-8.el8_2.2.x86_64"
},
"product_reference": "pam-debugsource-0:1.3.1-8.el8_2.2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-8.el8_2.2.i686 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:pam-devel-0:1.3.1-8.el8_2.2.i686"
},
"product_reference": "pam-devel-0:1.3.1-8.el8_2.2.i686",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-8.el8_2.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS AUS (v. 8.2)",
"product_id": "BaseOS-8.2.0.Z.AUS:pam-devel-0:1.3.1-8.el8_2.2.x86_64"
},
"product_reference": "pam-devel-0:1.3.1-8.el8_2.2.x86_64",
"relates_to_product_reference": "BaseOS-8.2.0.Z.AUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.2.0.Z.AUS:pam-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-0:1.3.1-8.el8_2.2.src",
"BaseOS-8.2.0.Z.AUS:pam-0:1.3.1-8.el8_2.2.x86_64",
"BaseOS-8.2.0.Z.AUS:pam-debuginfo-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-debuginfo-0:1.3.1-8.el8_2.2.x86_64",
"BaseOS-8.2.0.Z.AUS:pam-debugsource-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-debugsource-0:1.3.1-8.el8_2.2.x86_64",
"BaseOS-8.2.0.Z.AUS:pam-devel-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-devel-0:1.3.1-8.el8_2.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T01:15:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:pam-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-0:1.3.1-8.el8_2.2.src",
"BaseOS-8.2.0.Z.AUS:pam-0:1.3.1-8.el8_2.2.x86_64",
"BaseOS-8.2.0.Z.AUS:pam-debuginfo-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-debuginfo-0:1.3.1-8.el8_2.2.x86_64",
"BaseOS-8.2.0.Z.AUS:pam-debugsource-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-debugsource-0:1.3.1-8.el8_2.2.x86_64",
"BaseOS-8.2.0.Z.AUS:pam-devel-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-devel-0:1.3.1-8.el8_2.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15107"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"BaseOS-8.2.0.Z.AUS:pam-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-0:1.3.1-8.el8_2.2.src",
"BaseOS-8.2.0.Z.AUS:pam-0:1.3.1-8.el8_2.2.x86_64",
"BaseOS-8.2.0.Z.AUS:pam-debuginfo-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-debuginfo-0:1.3.1-8.el8_2.2.x86_64",
"BaseOS-8.2.0.Z.AUS:pam-debugsource-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-debugsource-0:1.3.1-8.el8_2.2.x86_64",
"BaseOS-8.2.0.Z.AUS:pam-devel-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-devel-0:1.3.1-8.el8_2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.2.0.Z.AUS:pam-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-0:1.3.1-8.el8_2.2.src",
"BaseOS-8.2.0.Z.AUS:pam-0:1.3.1-8.el8_2.2.x86_64",
"BaseOS-8.2.0.Z.AUS:pam-debuginfo-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-debuginfo-0:1.3.1-8.el8_2.2.x86_64",
"BaseOS-8.2.0.Z.AUS:pam-debugsource-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-debugsource-0:1.3.1-8.el8_2.2.x86_64",
"BaseOS-8.2.0.Z.AUS:pam-devel-0:1.3.1-8.el8_2.2.i686",
"BaseOS-8.2.0.Z.AUS:pam-devel-0:1.3.1-8.el8_2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
}
]
}
rhsa-2025:15103
Vulnerability from csaf_redhat
Published
2025-09-03 01:31
Modified
2025-09-11 15:33
Summary
Red Hat Security Advisory: pam security update
Notes
Topic
An update for pam is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
Security Fix(es):
* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pam is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.\n\nSecurity Fix(es):\n\n* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15103",
"url": "https://access.redhat.com/errata/RHSA-2025:15103"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15103.json"
}
],
"title": "Red Hat Security Advisory: pam security update",
"tracking": {
"current_release_date": "2025-09-11T15:33:50+00:00",
"generator": {
"date": "2025-09-11T15:33:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:15103",
"initial_release_date": "2025-09-03T01:31:08+00:00",
"revision_history": [
{
"date": "2025-09-03T01:31:08+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-03T01:31:08+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-11T15:33:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_e4s:8.8::baseos"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_tus:8.8::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-26.el8_8.2.src",
"product": {
"name": "pam-0:1.3.1-26.el8_8.2.src",
"product_id": "pam-0:1.3.1-26.el8_8.2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-26.el8_8.2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-26.el8_8.2.ppc64le",
"product": {
"name": "pam-0:1.3.1-26.el8_8.2.ppc64le",
"product_id": "pam-0:1.3.1-26.el8_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-26.el8_8.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-26.el8_8.2.ppc64le",
"product": {
"name": "pam-devel-0:1.3.1-26.el8_8.2.ppc64le",
"product_id": "pam-devel-0:1.3.1-26.el8_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-26.el8_8.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-26.el8_8.2.ppc64le",
"product": {
"name": "pam-debugsource-0:1.3.1-26.el8_8.2.ppc64le",
"product_id": "pam-debugsource-0:1.3.1-26.el8_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-26.el8_8.2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-26.el8_8.2.ppc64le",
"product": {
"name": "pam-debuginfo-0:1.3.1-26.el8_8.2.ppc64le",
"product_id": "pam-debuginfo-0:1.3.1-26.el8_8.2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-26.el8_8.2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-26.el8_8.2.i686",
"product": {
"name": "pam-0:1.3.1-26.el8_8.2.i686",
"product_id": "pam-0:1.3.1-26.el8_8.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-26.el8_8.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-26.el8_8.2.i686",
"product": {
"name": "pam-devel-0:1.3.1-26.el8_8.2.i686",
"product_id": "pam-devel-0:1.3.1-26.el8_8.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-26.el8_8.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-26.el8_8.2.i686",
"product": {
"name": "pam-debugsource-0:1.3.1-26.el8_8.2.i686",
"product_id": "pam-debugsource-0:1.3.1-26.el8_8.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-26.el8_8.2?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-26.el8_8.2.i686",
"product": {
"name": "pam-debuginfo-0:1.3.1-26.el8_8.2.i686",
"product_id": "pam-debuginfo-0:1.3.1-26.el8_8.2.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-26.el8_8.2?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.3.1-26.el8_8.2.x86_64",
"product": {
"name": "pam-0:1.3.1-26.el8_8.2.x86_64",
"product_id": "pam-0:1.3.1-26.el8_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.3.1-26.el8_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-devel-0:1.3.1-26.el8_8.2.x86_64",
"product": {
"name": "pam-devel-0:1.3.1-26.el8_8.2.x86_64",
"product_id": "pam-devel-0:1.3.1-26.el8_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.3.1-26.el8_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.3.1-26.el8_8.2.x86_64",
"product": {
"name": "pam-debugsource-0:1.3.1-26.el8_8.2.x86_64",
"product_id": "pam-debugsource-0:1.3.1-26.el8_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.3.1-26.el8_8.2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64",
"product": {
"name": "pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64",
"product_id": "pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.3.1-26.el8_8.2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-26.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.i686"
},
"product_reference": "pam-0:1.3.1-26.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-26.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.ppc64le"
},
"product_reference": "pam-0:1.3.1-26.el8_8.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-26.el8_8.2.src as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.src"
},
"product_reference": "pam-0:1.3.1-26.el8_8.2.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-26.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.x86_64"
},
"product_reference": "pam-0:1.3.1-26.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-26.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:pam-debuginfo-0:1.3.1-26.el8_8.2.i686"
},
"product_reference": "pam-debuginfo-0:1.3.1-26.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-26.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:pam-debuginfo-0:1.3.1-26.el8_8.2.ppc64le"
},
"product_reference": "pam-debuginfo-0:1.3.1-26.el8_8.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64"
},
"product_reference": "pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-26.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:pam-debugsource-0:1.3.1-26.el8_8.2.i686"
},
"product_reference": "pam-debugsource-0:1.3.1-26.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-26.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:pam-debugsource-0:1.3.1-26.el8_8.2.ppc64le"
},
"product_reference": "pam-debugsource-0:1.3.1-26.el8_8.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-26.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:pam-debugsource-0:1.3.1-26.el8_8.2.x86_64"
},
"product_reference": "pam-debugsource-0:1.3.1-26.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-26.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:pam-devel-0:1.3.1-26.el8_8.2.i686"
},
"product_reference": "pam-devel-0:1.3.1-26.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-26.el8_8.2.ppc64le as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:pam-devel-0:1.3.1-26.el8_8.2.ppc64le"
},
"product_reference": "pam-devel-0:1.3.1-26.el8_8.2.ppc64le",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-26.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.E4S:pam-devel-0:1.3.1-26.el8_8.2.x86_64"
},
"product_reference": "pam-devel-0:1.3.1-26.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-26.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:pam-0:1.3.1-26.el8_8.2.i686"
},
"product_reference": "pam-0:1.3.1-26.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-26.el8_8.2.src as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:pam-0:1.3.1-26.el8_8.2.src"
},
"product_reference": "pam-0:1.3.1-26.el8_8.2.src",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.3.1-26.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:pam-0:1.3.1-26.el8_8.2.x86_64"
},
"product_reference": "pam-0:1.3.1-26.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-26.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:pam-debuginfo-0:1.3.1-26.el8_8.2.i686"
},
"product_reference": "pam-debuginfo-0:1.3.1-26.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64"
},
"product_reference": "pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-26.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:pam-debugsource-0:1.3.1-26.el8_8.2.i686"
},
"product_reference": "pam-debugsource-0:1.3.1-26.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.3.1-26.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:pam-debugsource-0:1.3.1-26.el8_8.2.x86_64"
},
"product_reference": "pam-debugsource-0:1.3.1-26.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-26.el8_8.2.i686 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:pam-devel-0:1.3.1-26.el8_8.2.i686"
},
"product_reference": "pam-devel-0:1.3.1-26.el8_8.2.i686",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.3.1-26.el8_8.2.x86_64 as a component of Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"product_id": "BaseOS-8.8.0.Z.TUS:pam-devel-0:1.3.1-26.el8_8.2.x86_64"
},
"product_reference": "pam-devel-0:1.3.1-26.el8_8.2.x86_64",
"relates_to_product_reference": "BaseOS-8.8.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:pam-debuginfo-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-debuginfo-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:pam-debugsource-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-debugsource-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-debugsource-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:pam-devel-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-devel-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-devel-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-0:1.3.1-26.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:pam-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-debuginfo-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-debugsource-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-debugsource-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-devel-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-devel-0:1.3.1-26.el8_8.2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T01:31:08+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:pam-debuginfo-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-debuginfo-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:pam-debugsource-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-debugsource-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-debugsource-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:pam-devel-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-devel-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-devel-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-0:1.3.1-26.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:pam-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-debuginfo-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-debugsource-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-debugsource-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-devel-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-devel-0:1.3.1-26.el8_8.2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15103"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:pam-debuginfo-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-debuginfo-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:pam-debugsource-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-debugsource-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-debugsource-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:pam-devel-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-devel-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-devel-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-0:1.3.1-26.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:pam-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-debuginfo-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-debugsource-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-debugsource-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-devel-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-devel-0:1.3.1-26.el8_8.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.src",
"BaseOS-8.8.0.Z.E4S:pam-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:pam-debuginfo-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-debuginfo-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:pam-debugsource-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-debugsource-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-debugsource-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.E4S:pam-devel-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.E4S:pam-devel-0:1.3.1-26.el8_8.2.ppc64le",
"BaseOS-8.8.0.Z.E4S:pam-devel-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-0:1.3.1-26.el8_8.2.src",
"BaseOS-8.8.0.Z.TUS:pam-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-debuginfo-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-debuginfo-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-debugsource-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-debugsource-0:1.3.1-26.el8_8.2.x86_64",
"BaseOS-8.8.0.Z.TUS:pam-devel-0:1.3.1-26.el8_8.2.i686",
"BaseOS-8.8.0.Z.TUS:pam-devel-0:1.3.1-26.el8_8.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
}
]
}
rhsa-2025:15102
Vulnerability from csaf_redhat
Published
2025-09-03 01:35
Modified
2025-09-11 15:33
Summary
Red Hat Security Advisory: pam security update
Notes
Topic
An update for pam is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
Security Fix(es):
* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pam is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.\n\nSecurity Fix(es):\n\n* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15102",
"url": "https://access.redhat.com/errata/RHSA-2025:15102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15102.json"
}
],
"title": "Red Hat Security Advisory: pam security update",
"tracking": {
"current_release_date": "2025-09-11T15:33:51+00:00",
"generator": {
"date": "2025-09-11T15:33:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:15102",
"initial_release_date": "2025-09-03T01:35:02+00:00",
"revision_history": [
{
"date": "2025-09-03T01:35:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-03T01:35:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-11T15:33:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:rhel_eus:9.4::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-24.el9_4.1.aarch64",
"product": {
"name": "pam-devel-0:1.5.1-24.el9_4.1.aarch64",
"product_id": "pam-devel-0:1.5.1-24.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-24.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-24.el9_4.1.aarch64",
"product": {
"name": "pam-docs-0:1.5.1-24.el9_4.1.aarch64",
"product_id": "pam-docs-0:1.5.1-24.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-24.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.aarch64",
"product": {
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.aarch64",
"product_id": "pam-debugsource-0:1.5.1-24.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-24.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64",
"product": {
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64",
"product_id": "pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-24.el9_4.1?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-0:1.5.1-24.el9_4.1.aarch64",
"product": {
"name": "pam-0:1.5.1-24.el9_4.1.aarch64",
"product_id": "pam-0:1.5.1-24.el9_4.1.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-24.el9_4.1?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-24.el9_4.1.ppc64le",
"product": {
"name": "pam-devel-0:1.5.1-24.el9_4.1.ppc64le",
"product_id": "pam-devel-0:1.5.1-24.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-24.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-24.el9_4.1.ppc64le",
"product": {
"name": "pam-docs-0:1.5.1-24.el9_4.1.ppc64le",
"product_id": "pam-docs-0:1.5.1-24.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-24.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le",
"product": {
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le",
"product_id": "pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-24.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le",
"product": {
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le",
"product_id": "pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-24.el9_4.1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-0:1.5.1-24.el9_4.1.ppc64le",
"product": {
"name": "pam-0:1.5.1-24.el9_4.1.ppc64le",
"product_id": "pam-0:1.5.1-24.el9_4.1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-24.el9_4.1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-24.el9_4.1.i686",
"product": {
"name": "pam-devel-0:1.5.1-24.el9_4.1.i686",
"product_id": "pam-devel-0:1.5.1-24.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-24.el9_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.i686",
"product": {
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.i686",
"product_id": "pam-debugsource-0:1.5.1-24.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-24.el9_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.i686",
"product": {
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.i686",
"product_id": "pam-debuginfo-0:1.5.1-24.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-24.el9_4.1?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-0:1.5.1-24.el9_4.1.i686",
"product": {
"name": "pam-0:1.5.1-24.el9_4.1.i686",
"product_id": "pam-0:1.5.1-24.el9_4.1.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-24.el9_4.1?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-24.el9_4.1.x86_64",
"product": {
"name": "pam-devel-0:1.5.1-24.el9_4.1.x86_64",
"product_id": "pam-devel-0:1.5.1-24.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-24.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-24.el9_4.1.x86_64",
"product": {
"name": "pam-docs-0:1.5.1-24.el9_4.1.x86_64",
"product_id": "pam-docs-0:1.5.1-24.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-24.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.x86_64",
"product": {
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.x86_64",
"product_id": "pam-debugsource-0:1.5.1-24.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-24.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64",
"product": {
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64",
"product_id": "pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-24.el9_4.1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-0:1.5.1-24.el9_4.1.x86_64",
"product": {
"name": "pam-0:1.5.1-24.el9_4.1.x86_64",
"product_id": "pam-0:1.5.1-24.el9_4.1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-24.el9_4.1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-24.el9_4.1.s390x",
"product": {
"name": "pam-devel-0:1.5.1-24.el9_4.1.s390x",
"product_id": "pam-devel-0:1.5.1-24.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-24.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-24.el9_4.1.s390x",
"product": {
"name": "pam-docs-0:1.5.1-24.el9_4.1.s390x",
"product_id": "pam-docs-0:1.5.1-24.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-24.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.s390x",
"product": {
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.s390x",
"product_id": "pam-debugsource-0:1.5.1-24.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-24.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.s390x",
"product": {
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.s390x",
"product_id": "pam-debuginfo-0:1.5.1-24.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-24.el9_4.1?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-0:1.5.1-24.el9_4.1.s390x",
"product": {
"name": "pam-0:1.5.1-24.el9_4.1.s390x",
"product_id": "pam-0:1.5.1-24.el9_4.1.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-24.el9_4.1?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.5.1-24.el9_4.1.src",
"product": {
"name": "pam-0:1.5.1-24.el9_4.1.src",
"product_id": "pam-0:1.5.1-24.el9_4.1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-24.el9_4.1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-24.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.aarch64"
},
"product_reference": "pam-0:1.5.1-24.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-24.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.i686"
},
"product_reference": "pam-0:1.5.1-24.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-24.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.ppc64le"
},
"product_reference": "pam-0:1.5.1-24.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-24.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.s390x"
},
"product_reference": "pam-0:1.5.1-24.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-24.el9_4.1.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.src"
},
"product_reference": "pam-0:1.5.1-24.el9_4.1.src",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-24.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.x86_64"
},
"product_reference": "pam-0:1.5.1-24.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64"
},
"product_reference": "pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.i686"
},
"product_reference": "pam-debuginfo-0:1.5.1-24.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le"
},
"product_reference": "pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.s390x"
},
"product_reference": "pam-debuginfo-0:1.5.1-24.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64"
},
"product_reference": "pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.aarch64"
},
"product_reference": "pam-debugsource-0:1.5.1-24.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.i686"
},
"product_reference": "pam-debugsource-0:1.5.1-24.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le"
},
"product_reference": "pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.s390x"
},
"product_reference": "pam-debugsource-0:1.5.1-24.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.x86_64"
},
"product_reference": "pam-debugsource-0:1.5.1-24.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-24.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.aarch64"
},
"product_reference": "pam-devel-0:1.5.1-24.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-24.el9_4.1.i686 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.i686"
},
"product_reference": "pam-devel-0:1.5.1-24.el9_4.1.i686",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-24.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.ppc64le"
},
"product_reference": "pam-devel-0:1.5.1-24.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-24.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.s390x"
},
"product_reference": "pam-devel-0:1.5.1-24.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-24.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.x86_64"
},
"product_reference": "pam-devel-0:1.5.1-24.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-24.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.aarch64"
},
"product_reference": "pam-docs-0:1.5.1-24.el9_4.1.aarch64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-24.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.ppc64le"
},
"product_reference": "pam-docs-0:1.5.1-24.el9_4.1.ppc64le",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-24.el9_4.1.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.s390x"
},
"product_reference": "pam-docs-0:1.5.1-24.el9_4.1.s390x",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-24.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"product_id": "AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.x86_64"
},
"product_reference": "pam-docs-0:1.5.1-24.el9_4.1.x86_64",
"relates_to_product_reference": "AppStream-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-24.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.aarch64"
},
"product_reference": "pam-0:1.5.1-24.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-24.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.i686"
},
"product_reference": "pam-0:1.5.1-24.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-24.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.ppc64le"
},
"product_reference": "pam-0:1.5.1-24.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-24.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.s390x"
},
"product_reference": "pam-0:1.5.1-24.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-24.el9_4.1.src as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.src"
},
"product_reference": "pam-0:1.5.1-24.el9_4.1.src",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-24.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.x86_64"
},
"product_reference": "pam-0:1.5.1-24.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64"
},
"product_reference": "pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.i686"
},
"product_reference": "pam-debuginfo-0:1.5.1-24.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le"
},
"product_reference": "pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.s390x"
},
"product_reference": "pam-debuginfo-0:1.5.1-24.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64"
},
"product_reference": "pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.aarch64"
},
"product_reference": "pam-debugsource-0:1.5.1-24.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.i686"
},
"product_reference": "pam-debugsource-0:1.5.1-24.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le"
},
"product_reference": "pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.s390x"
},
"product_reference": "pam-debugsource-0:1.5.1-24.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-24.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.x86_64"
},
"product_reference": "pam-debugsource-0:1.5.1-24.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-24.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.aarch64"
},
"product_reference": "pam-devel-0:1.5.1-24.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-24.el9_4.1.i686 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.i686"
},
"product_reference": "pam-devel-0:1.5.1-24.el9_4.1.i686",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-24.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.ppc64le"
},
"product_reference": "pam-devel-0:1.5.1-24.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-24.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.s390x"
},
"product_reference": "pam-devel-0:1.5.1-24.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-24.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.x86_64"
},
"product_reference": "pam-devel-0:1.5.1-24.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-24.el9_4.1.aarch64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.aarch64"
},
"product_reference": "pam-docs-0:1.5.1-24.el9_4.1.aarch64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-24.el9_4.1.ppc64le as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.ppc64le"
},
"product_reference": "pam-docs-0:1.5.1-24.el9_4.1.ppc64le",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-24.el9_4.1.s390x as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.s390x"
},
"product_reference": "pam-docs-0:1.5.1-24.el9_4.1.s390x",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-24.el9_4.1.x86_64 as a component of Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"product_id": "BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.x86_64"
},
"product_reference": "pam-docs-0:1.5.1-24.el9_4.1.x86_64",
"relates_to_product_reference": "BaseOS-9.4.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T01:35:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15102"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.src",
"AppStream-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.i686",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.x86_64",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.aarch64",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.ppc64le",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.s390x",
"AppStream-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.src",
"BaseOS-9.4.0.Z.EUS:pam-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-debuginfo-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-debugsource-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.i686",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-devel-0:1.5.1-24.el9_4.1.x86_64",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.aarch64",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.ppc64le",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.s390x",
"BaseOS-9.4.0.Z.EUS:pam-docs-0:1.5.1-24.el9_4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
}
]
}
rhsa-2025:15099
Vulnerability from csaf_redhat
Published
2025-09-03 01:08
Modified
2025-09-11 15:33
Summary
Red Hat Security Advisory: pam security update
Notes
Topic
An update for pam is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
Security Fix(es):
* linux-pam: Linux-pam directory Traversal (CVE-2025-6020)
* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for pam is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.\n\nSecurity Fix(es):\n\n* linux-pam: Linux-pam directory Traversal (CVE-2025-6020)\n\n* linux-pam: Incomplete fix for CVE-2025-6020 (CVE-2025-8941)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:15099",
"url": "https://access.redhat.com/errata/RHSA-2025:15099"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_15099.json"
}
],
"title": "Red Hat Security Advisory: pam security update",
"tracking": {
"current_release_date": "2025-09-11T15:33:49+00:00",
"generator": {
"date": "2025-09-11T15:33:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.7"
}
},
"id": "RHSA-2025:15099",
"initial_release_date": "2025-09-03T01:08:27+00:00",
"revision_history": [
{
"date": "2025-09-03T01:08:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-09-03T01:08:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-11T15:33:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9::baseos"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-26.el9_6.aarch64",
"product": {
"name": "pam-devel-0:1.5.1-26.el9_6.aarch64",
"product_id": "pam-devel-0:1.5.1-26.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-26.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-26.el9_6.aarch64",
"product": {
"name": "pam-docs-0:1.5.1-26.el9_6.aarch64",
"product_id": "pam-docs-0:1.5.1-26.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-26.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"product": {
"name": "pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"product_id": "pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-26.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"product": {
"name": "pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"product_id": "pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-26.el9_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "pam-0:1.5.1-26.el9_6.aarch64",
"product": {
"name": "pam-0:1.5.1-26.el9_6.aarch64",
"product_id": "pam-0:1.5.1-26.el9_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-26.el9_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-26.el9_6.ppc64le",
"product": {
"name": "pam-devel-0:1.5.1-26.el9_6.ppc64le",
"product_id": "pam-devel-0:1.5.1-26.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-26.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-26.el9_6.ppc64le",
"product": {
"name": "pam-docs-0:1.5.1-26.el9_6.ppc64le",
"product_id": "pam-docs-0:1.5.1-26.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-26.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"product": {
"name": "pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"product_id": "pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-26.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"product": {
"name": "pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"product_id": "pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-26.el9_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "pam-0:1.5.1-26.el9_6.ppc64le",
"product": {
"name": "pam-0:1.5.1-26.el9_6.ppc64le",
"product_id": "pam-0:1.5.1-26.el9_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-26.el9_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-26.el9_6.i686",
"product": {
"name": "pam-devel-0:1.5.1-26.el9_6.i686",
"product_id": "pam-devel-0:1.5.1-26.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-26.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-26.el9_6.i686",
"product": {
"name": "pam-debugsource-0:1.5.1-26.el9_6.i686",
"product_id": "pam-debugsource-0:1.5.1-26.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-26.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-26.el9_6.i686",
"product": {
"name": "pam-debuginfo-0:1.5.1-26.el9_6.i686",
"product_id": "pam-debuginfo-0:1.5.1-26.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-26.el9_6?arch=i686"
}
}
},
{
"category": "product_version",
"name": "pam-0:1.5.1-26.el9_6.i686",
"product": {
"name": "pam-0:1.5.1-26.el9_6.i686",
"product_id": "pam-0:1.5.1-26.el9_6.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-26.el9_6?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-26.el9_6.x86_64",
"product": {
"name": "pam-devel-0:1.5.1-26.el9_6.x86_64",
"product_id": "pam-devel-0:1.5.1-26.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-26.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-26.el9_6.x86_64",
"product": {
"name": "pam-docs-0:1.5.1-26.el9_6.x86_64",
"product_id": "pam-docs-0:1.5.1-26.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-26.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"product": {
"name": "pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"product_id": "pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-26.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"product": {
"name": "pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"product_id": "pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-26.el9_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "pam-0:1.5.1-26.el9_6.x86_64",
"product": {
"name": "pam-0:1.5.1-26.el9_6.x86_64",
"product_id": "pam-0:1.5.1-26.el9_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-26.el9_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-devel-0:1.5.1-26.el9_6.s390x",
"product": {
"name": "pam-devel-0:1.5.1-26.el9_6.s390x",
"product_id": "pam-devel-0:1.5.1-26.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-devel@1.5.1-26.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-docs-0:1.5.1-26.el9_6.s390x",
"product": {
"name": "pam-docs-0:1.5.1-26.el9_6.s390x",
"product_id": "pam-docs-0:1.5.1-26.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-docs@1.5.1-26.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-debugsource-0:1.5.1-26.el9_6.s390x",
"product": {
"name": "pam-debugsource-0:1.5.1-26.el9_6.s390x",
"product_id": "pam-debugsource-0:1.5.1-26.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debugsource@1.5.1-26.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"product": {
"name": "pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"product_id": "pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam-debuginfo@1.5.1-26.el9_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "pam-0:1.5.1-26.el9_6.s390x",
"product": {
"name": "pam-0:1.5.1-26.el9_6.s390x",
"product_id": "pam-0:1.5.1-26.el9_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-26.el9_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "pam-0:1.5.1-26.el9_6.src",
"product": {
"name": "pam-0:1.5.1-26.el9_6.src",
"product_id": "pam-0:1.5.1-26.el9_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/pam@1.5.1-26.el9_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-26.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64"
},
"product_reference": "pam-0:1.5.1-26.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-26.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686"
},
"product_reference": "pam-0:1.5.1-26.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-26.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le"
},
"product_reference": "pam-0:1.5.1-26.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-26.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x"
},
"product_reference": "pam-0:1.5.1-26.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-26.el9_6.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src"
},
"product_reference": "pam-0:1.5.1-26.el9_6.src",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-26.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64"
},
"product_reference": "pam-0:1.5.1-26.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-26.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64"
},
"product_reference": "pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-26.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686"
},
"product_reference": "pam-debuginfo-0:1.5.1-26.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-26.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le"
},
"product_reference": "pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-26.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x"
},
"product_reference": "pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-26.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64"
},
"product_reference": "pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-26.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64"
},
"product_reference": "pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-26.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686"
},
"product_reference": "pam-debugsource-0:1.5.1-26.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-26.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le"
},
"product_reference": "pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-26.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x"
},
"product_reference": "pam-debugsource-0:1.5.1-26.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-26.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64"
},
"product_reference": "pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-26.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64"
},
"product_reference": "pam-devel-0:1.5.1-26.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-26.el9_6.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686"
},
"product_reference": "pam-devel-0:1.5.1-26.el9_6.i686",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-26.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le"
},
"product_reference": "pam-devel-0:1.5.1-26.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-26.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x"
},
"product_reference": "pam-devel-0:1.5.1-26.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-26.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64"
},
"product_reference": "pam-devel-0:1.5.1-26.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-26.el9_6.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64"
},
"product_reference": "pam-docs-0:1.5.1-26.el9_6.aarch64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-26.el9_6.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le"
},
"product_reference": "pam-docs-0:1.5.1-26.el9_6.ppc64le",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-26.el9_6.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x"
},
"product_reference": "pam-docs-0:1.5.1-26.el9_6.s390x",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-26.el9_6.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64"
},
"product_reference": "pam-docs-0:1.5.1-26.el9_6.x86_64",
"relates_to_product_reference": "AppStream-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-26.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64"
},
"product_reference": "pam-0:1.5.1-26.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-26.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686"
},
"product_reference": "pam-0:1.5.1-26.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-26.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le"
},
"product_reference": "pam-0:1.5.1-26.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-26.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x"
},
"product_reference": "pam-0:1.5.1-26.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-26.el9_6.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src"
},
"product_reference": "pam-0:1.5.1-26.el9_6.src",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-0:1.5.1-26.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64"
},
"product_reference": "pam-0:1.5.1-26.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-26.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64"
},
"product_reference": "pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-26.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686"
},
"product_reference": "pam-debuginfo-0:1.5.1-26.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-26.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le"
},
"product_reference": "pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-26.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x"
},
"product_reference": "pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debuginfo-0:1.5.1-26.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64"
},
"product_reference": "pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-26.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64"
},
"product_reference": "pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-26.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686"
},
"product_reference": "pam-debugsource-0:1.5.1-26.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-26.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le"
},
"product_reference": "pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-26.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x"
},
"product_reference": "pam-debugsource-0:1.5.1-26.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-debugsource-0:1.5.1-26.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64"
},
"product_reference": "pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-26.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64"
},
"product_reference": "pam-devel-0:1.5.1-26.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-26.el9_6.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686"
},
"product_reference": "pam-devel-0:1.5.1-26.el9_6.i686",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-26.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le"
},
"product_reference": "pam-devel-0:1.5.1-26.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-26.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x"
},
"product_reference": "pam-devel-0:1.5.1-26.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-devel-0:1.5.1-26.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64"
},
"product_reference": "pam-devel-0:1.5.1-26.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-26.el9_6.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64"
},
"product_reference": "pam-docs-0:1.5.1-26.el9_6.aarch64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-26.el9_6.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le"
},
"product_reference": "pam-docs-0:1.5.1-26.el9_6.ppc64le",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-26.el9_6.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x"
},
"product_reference": "pam-docs-0:1.5.1-26.el9_6.s390x",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "pam-docs-0:1.5.1-26.el9_6.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)",
"product_id": "BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64"
},
"product_reference": "pam-docs-0:1.5.1-26.el9_6.x86_64",
"relates_to_product_reference": "BaseOS-9.6.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Olivier BAL-PETRE"
],
"organization": "ANSSI - French Cybersecurity Agency"
}
],
"cve": "CVE-2025-6020",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-06-12T16:33:01.214000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2372512"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Linux-pam directory Traversal",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace marked as Important rather than Moderate due to its direct impact on privilege boundaries and the ease of exploitation in common configurations. By leveraging symlink attacks or race conditions in polyinstantiated directories under their control, unprivileged local users can escalate to root, compromising the entire system. Since pam_namespace is often used in multi-user environments (e.g., shared systems, terminal servers, containers), a misconfigured or partially protected setup becomes a single point of failure. The attack does not require special capabilities or kernel-level exploits\u2014just timing and control over certain paths\u2014making it both reliable and low-barrier. Moreover, privilege escalation flaws like this can be chained with other vulnerabilities to persist or evade detection, further amplifying the risk.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-6020"
},
{
"category": "external",
"summary": "RHBZ#2372512",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372512"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-6020",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-6020"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6020"
}
],
"release_date": "2025-06-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T01:08:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15099"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Linux-pam directory Traversal"
},
{
"cve": "CVE-2025-8941",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2025-08-13T12:11:55.270000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2388220"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "linux-pam: Incomplete fix for CVE-2025-6020",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in pam_namespace is rated Important because it allows a local, unprivileged user to escalate privileges to root by exploiting symlink attacks or race conditions in polyinstantiated directories under their control. Successful exploitation requires only the ability to create and manipulate filesystem paths in such directories, without the need for special capabilities or kernel-level vulnerabilities. In multi-user environments\u2014such as shared systems, terminal servers, or certain container deployments, an unprotected or misconfigured pam_namespace configuration can serve as a single point of compromise. Privilege escalation flaws of this nature may also be chained with other vulnerabilities to maintain persistence or evade detection, further increasing the overall impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"category": "external",
"summary": "RHBZ#2388220",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-8941",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-8941"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
}
],
"release_date": "2025-08-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-09-03T01:08:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:15099"
},
{
"category": "workaround",
"details": "Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.",
"product_ids": [
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"AppStream-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"AppStream-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.src",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debuginfo-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-debugsource-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.i686",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-devel-0:1.5.1-26.el9_6.x86_64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.aarch64",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.ppc64le",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.s390x",
"BaseOS-9.6.0.Z.MAIN.EUS:pam-docs-0:1.5.1-26.el9_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "linux-pam: Incomplete fix for CVE-2025-6020"
}
]
}
fkie_cve-2025-8941
Vulnerability from fkie_nvd
Published
2025-08-13 15:15
Modified
2025-09-11 16:15
Severity ?
Summary
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una falla en linux-pam. El m\u00f3dulo pam_namespace podr\u00eda gestionar incorrectamente las rutas controladas por el usuario, lo que permite a los usuarios locales explotar ataques de enlaces simb\u00f3licos y condiciones de ejecuci\u00f3n para elevar sus privilegios a root. Esta CVE proporciona una soluci\u00f3n completa para CVE-2025-6020."
}
],
"id": "CVE-2025-8941",
"lastModified": "2025-09-11T16:15:34.393",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
},
"published": "2025-08-13T15:15:41.873",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:14557"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:15099"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:15100"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:15101"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:15102"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:15103"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:15104"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:15105"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:15106"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:15107"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2025:15709"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
}
]
}
ghsa-hqqx-rjqh-53c2
Vulnerability from github
Published
2025-08-13 15:30
Modified
2025-09-11 18:35
Severity ?
VLAI Severity ?
Details
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
{
"affected": [],
"aliases": [
"CVE-2025-8941"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-13T15:15:41Z",
"severity": "HIGH"
},
"details": "A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a \"complete\" fix for CVE-2025-6020.",
"id": "GHSA-hqqx-rjqh-53c2",
"modified": "2025-09-11T18:35:40Z",
"published": "2025-08-13T15:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8941"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:14557"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15099"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15100"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15101"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15102"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15103"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15104"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15105"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15106"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15107"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2025:15709"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-8941"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
wid-sec-w-2025-1828
Vulnerability from csaf_certbund
Published
2025-08-13 22:00
Modified
2025-09-02 22:00
Summary
PAM (linux-pam package): Schwachstelle ermöglicht Erlangen von Administratorrechten
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Linux Pluggable Authentication Modules (PAM) ist eine Sammlung von Bibliotheken, die es einem Linux-Systemadministrator ermöglichen, Methoden zur Authentifizierung von Benutzern zu konfigurieren.
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in PAM ausnutzen, um Administratorrechte zu erlangen.
Betroffene Betriebssysteme
- Linux
- UNIX
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Linux Pluggable Authentication Modules (PAM) ist eine Sammlung von Bibliotheken, die es einem Linux-Systemadministrator erm\u00f6glichen, Methoden zur Authentifizierung von Benutzern zu konfigurieren.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in PAM ausnutzen, um Administratorrechte zu erlangen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-1828 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1828.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-1828 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1828"
},
{
"category": "external",
"summary": "Red Hat Bugtracker #2388220 vom 2025-08-13",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388220"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15107 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15107"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15102 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15102"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15104 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15104"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15099 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15099"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15100 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15100"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15103 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15103"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15101 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15101"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15105 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15105"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:15106 vom 2025-09-03",
"url": "https://access.redhat.com/errata/RHSA-2025:15106"
}
],
"source_lang": "en-US",
"title": "PAM (linux-pam package): Schwachstelle erm\u00f6glicht Erlangen von Administratorrechten",
"tracking": {
"current_release_date": "2025-09-02T22:00:00.000+00:00",
"generator": {
"date": "2025-09-03T07:06:32.587+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-1828",
"initial_release_date": "2025-08-13T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-08-13T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-09-02T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c1.7.1",
"product": {
"name": "Open Source PAM \u003c1.7.1",
"product_id": "T046236"
}
},
{
"category": "product_version",
"name": "1.7.1",
"product": {
"name": "Open Source PAM 1.7.1",
"product_id": "T046236-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:kernel:linux-pam:1.7.1"
}
}
}
],
"category": "product_name",
"name": "PAM"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-8941",
"product_status": {
"known_affected": [
"67646",
"T046236"
]
},
"release_date": "2025-08-13T22:00:00.000+00:00",
"title": "CVE-2025-8941"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…