CVE-2024-10041

Publication date 23 October 2024

Last updated 26 May 2025

Ubuntu priority

Cvss 3 Severity Score

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pam	25.04 plucky	Vulnerable
	24.10 oracular	Vulnerable
	24.04 LTS noble	Vulnerable
	22.04 LTS jammy	Vulnerable
	20.04 LTS focal	Vulnerable
	18.04 LTS bionic	Vulnerable
	16.04 LTS xenial	Vulnerable
	14.04 LTS trusty	Vulnerable

Notes

mdeslaur

The upstream bug for this issue, #846, indicates that the fix in pull 686, also listed below as the commit in 1.6.0, fixes this issue, but the CVE description is vague and it’s difficult to determine if that is actually the right fix.

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
pam	Upstream: https://github.com/linux-pam/linux-pam/pull/686 Upstream: b3020da Upstream: b7b9636

Severity score breakdown

Parameter	Value
Base score	4.7 · Medium
Attack vector	Local
Attack complexity	High
Privileges required	Low
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	None
Availability impact	None
Vector	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N