CVE-2024-10041

EUVD-2024-33572
A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 4.7 MEDIUM | LOCAL | HIGH | LOW | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
EPSS Score percentile: 13%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| linux-pam | linux-pam | - |
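Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| pam | bookworm | | ignored |
| pam | bullseye | | ignored |
| pam | bullseye (security) | | vulnerable |
| pam | forky | 1.7.0-5 | fixed |
| pam | sid | 1.7.0-5 | fixed |
| pam | trixie | 1.7.0-5 | fixed |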
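Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| pam | bionic | ignored |
| pam | focal | ignored |
| pam | jammy | ignored |
| pam | noble | ignored |
| pam | oracular | ignored |
| pam | plucky | ignored |
| pam | trusty | ignored |
| pam | xenial | ignored |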
openSUSE / SLES Releases

| openSUSE Product | Release | Version | Status |
|---|---|---|---|
| apache2-mod_apparmor | suse enterprise server 12 SP5 | 2.8.2-56.26.1 | fixed |
| apache2-mod_apparmor | suse enterprise server 15 SP2 | 2.13.4-150200.3.14.1 | fixed |
| apache2-mod_apparmor | suse enterprise server 15 SP3 | 2.13.6-150300.3.24.1 | fixed |
| apache2-mod_apparmor | suse enterprise server 15 SP4 | 3.0.4-150400.5.18.1 | fixed |
| apache2-mod_apparmor | suse enterprise server 15 SP5 | 3.0.4-150500.11.18.1 | fixed |
| apparmor-abstractions | suse enterprise desktop 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-abstractions | suse enterprise desktop 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-abstractions | suse enterprise sap 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-abstractions | suse enterprise sap 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-abstractions | suse enterprise server 15 SP2 | 2.13.4-150200.3.14.1 | fixed |
| apparmor-abstractions | suse enterprise server 15 SP3 | 2.13.6-150300.3.24.1 | fixed |
| apparmor-abstractions | suse enterprise server 15 SP4 | 3.0.4-150400.5.18.1 | fixed |
| apparmor-abstractions | suse enterprise server 15 SP5 | 3.0.4-150500.11.18.1 | fixed |
| apparmor-abstractions | suse enterprise server 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-abstractions | suse enterprise server 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-docs | suse enterprise desktop 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-docs | suse enterprise desktop 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-docs | suse enterprise sap 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-docs | suse enterprise sap 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-docs | suse enterprise server 12 SP5 | 2.8.2-56.26.1 | fixed |
| apparmor-docs | suse enterprise server 15 SP2 | 2.13.4-150200.3.14.1 | fixed |
| apparmor-docs | suse enterprise server 15 SP3 | 2.13.6-150300.3.24.1 | fixed |
| apparmor-docs | suse enterprise server 15 SP4 | 3.0.4-150400.5.18.1 | fixed |
| apparmor-docs | suse enterprise server 15 SP5 | 3.0.4-150500.11.18.1 | fixed |
| apparmor-docs | suse enterprise server 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-docs | suse enterprise server 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-parser | suse enterprise desktop 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-parser | suse enterprise desktop 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-parser | suse enterprise sap 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-parser | suse enterprise sap 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-parser | suse enterprise server 12 SP5 | 2.8.2-56.26.1 | fixed |
| apparmor-parser | suse enterprise server 15 SP2 | 2.13.4-150200.3.14.1 | fixed |
| apparmor-parser | suse enterprise server 15 SP3 | 2.13.6-150300.3.24.1 | fixed |
| apparmor-parser | suse enterprise server 15 SP4 | 3.0.4-150400.5.18.1 | fixed |
| apparmor-parser | suse enterprise server 15 SP5 | 3.0.4-150500.11.18.1 | fixed |
| apparmor-parser | suse enterprise server 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-parser | suse enterprise server 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-parser-lang | suse enterprise desktop 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-parser-lang | suse enterprise desktop 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-parser-lang | suse enterprise sap 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-parser-lang | suse enterprise sap 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-parser-lang | suse enterprise server 15 SP2 | 2.13.4-150200.3.14.1 | fixed |
| apparmor-parser-lang | suse enterprise server 15 SP3 | 2.13.6-150300.3.24.1 | fixed |
| apparmor-parser-lang | suse enterprise server 15 SP4 | 3.0.4-150400.5.18.1 | fixed |
| apparmor-parser-lang | suse enterprise server 15 SP5 | 3.0.4-150500.11.18.1 | fixed |
| apparmor-parser-lang | suse enterprise server 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-parser-lang | suse enterprise server 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-profiles | suse enterprise desktop 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-profiles | suse enterprise desktop 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-profiles | suse enterprise sap 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-profiles | suse enterprise sap 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-profiles | suse enterprise server 12 SP5 | 2.8.2-56.26.1 | fixed |
| apparmor-profiles | suse enterprise server 15 SP2 | 2.13.4-150200.3.14.1 | fixed |
| apparmor-profiles | suse enterprise server 15 SP3 | 2.13.6-150300.3.24.1 | fixed |
| apparmor-profiles | suse enterprise server 15 SP4 | 3.0.4-150400.5.18.1 | fixed |
| apparmor-profiles | suse enterprise server 15 SP5 | 3.0.4-150500.11.18.1 | fixed |
| apparmor-profiles | suse enterprise server 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-profiles | suse enterprise server 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-utils | suse enterprise desktop 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-utils | suse enterprise desktop 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-utils | suse enterprise sap 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-utils | suse enterprise sap 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-utils | suse enterprise server 12 SP5 | 2.8.2-56.26.1 | fixed |
| apparmor-utils | suse enterprise server 15 SP2 | 2.13.4-150200.3.14.1 | fixed |
| apparmor-utils | suse enterprise server 15 SP3 | 2.13.6-150300.3.24.1 | fixed |
| apparmor-utils | suse enterprise server 15 SP4 | 3.0.4-150400.5.18.1 | fixed |
| apparmor-utils | suse enterprise server 15 SP5 | 3.0.4-150500.11.18.1 | fixed |
| apparmor-utils | suse enterprise server 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-utils | suse enterprise server 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-utils-lang | suse enterprise desktop 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-utils-lang | suse enterprise desktop 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-utils-lang | suse enterprise sap 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-utils-lang | suse enterprise sap 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-utils-lang | suse enterprise server 15 SP2 | 2.13.4-150200.3.14.1 | fixed |
| apparmor-utils-lang | suse enterprise server 15 SP3 | 2.13.6-150300.3.24.1 | fixed |
| apparmor-utils-lang | suse enterprise server 15 SP4 | 3.0.4-150400.5.18.1 | fixed |
| apparmor-utils-lang | suse enterprise server 15 SP5 | 3.0.4-150500.11.18.1 | fixed |
| apparmor-utils-lang | suse enterprise server 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| apparmor-utils-lang | suse enterprise server 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor-devel | suse enterprise desktop 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor-devel | suse enterprise desktop 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor-devel | suse enterprise sap 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor-devel | suse enterprise sap 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor-devel | suse enterprise server 12 SP5 | 2.8.2-56.26.1 | fixed |
| libapparmor-devel | suse enterprise server 15 SP2 | 2.13.4-150200.3.14.1 | fixed |
| libapparmor-devel | suse enterprise server 15 SP3 | 2.13.6-150300.3.24.1 | fixed |
| libapparmor-devel | suse enterprise server 15 SP4 | 3.0.4-150400.5.18.1 | fixed |
| libapparmor-devel | suse enterprise server 15 SP5 | 3.0.4-150500.11.18.1 | fixed |
| libapparmor-devel | suse enterprise server 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor-devel | suse enterprise server 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor1 | suse enterprise desktop 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor1 | suse enterprise desktop 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor1 | suse enterprise sap 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor1 | suse enterprise sap 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor1 | suse enterprise server 12 SP5 | 2.8.2-56.26.1 | fixed |
| libapparmor1 | suse enterprise server 15 SP2 | 2.13.4-150200.3.14.1 | fixed |
| libapparmor1 | suse enterprise server 15 SP3 | 2.13.6-150300.3.24.1 | fixed |
| libapparmor1 | suse enterprise server 15 SP4 | 3.0.4-150400.5.18.1 | fixed |
| libapparmor1 | suse enterprise server 15 SP5 | 3.0.4-150500.11.18.1 | fixed |
| libapparmor1 | suse enterprise server 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor1 | suse enterprise server 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor1-32bit | suse enterprise desktop 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor1-32bit | suse enterprise desktop 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor1-32bit | suse enterprise sap 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor1-32bit | suse enterprise sap 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor1-32bit | suse enterprise server 12 SP5 | 2.8.2-56.26.1 | fixed |
| libapparmor1-32bit | suse enterprise server 15 SP2 | 2.13.4-150200.3.14.1 | fixed |
| libapparmor1-32bit | suse enterprise server 15 SP3 | 2.13.6-150300.3.24.1 | fixed |
| libapparmor1-32bit | suse enterprise server 15 SP4 | 3.0.4-150400.5.18.1 | fixed |
| libapparmor1-32bit | suse enterprise server 15 SP5 | 3.0.4-150500.11.18.1 | fixed |
| libapparmor1-32bit | suse enterprise server 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| libapparmor1-32bit | suse enterprise server 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| pam | suse enterprise desktop 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam | suse enterprise desktop 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam | suse enterprise sap 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam | suse enterprise sap 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam | suse enterprise server 12 SP3 | 1.1.8-24.77.1 | fixed |
| pam | suse enterprise server 15 SP2 | 1.3.0-150000.6.86.1 | fixed |
| pam | suse enterprise server 15 SP3 | 1.3.0-150000.6.86.1 | fixed |
| pam | suse enterprise server 15 SP4 | 1.3.0-150000.6.86.1 | fixed |
| pam | suse enterprise server 15 SP5 | 1.3.0-150000.6.86.1 | fixed |
| pam | suse enterprise server 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam | suse enterprise server 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-32bit | suse enterprise desktop 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-32bit | suse enterprise desktop 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-32bit | suse enterprise sap 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-32bit | suse enterprise sap 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-32bit | suse enterprise server 12 SP3 | 1.1.8-24.77.1 | fixed |
| pam-32bit | suse enterprise server 15 SP2 | 1.3.0-150000.6.86.1 | fixed |
| pam-32bit | suse enterprise server 15 SP3 | 1.3.0-150000.6.86.1 | fixed |
| pam-32bit | suse enterprise server 15 SP4 | 1.3.0-150000.6.86.1 | fixed |
| pam-32bit | suse enterprise server 15 SP5 | 1.3.0-150000.6.86.1 | fixed |
| pam-32bit | suse enterprise server 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-32bit | suse enterprise server 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel | suse enterprise desktop 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel | suse enterprise desktop 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel | suse enterprise sap 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel | suse enterprise sap 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel | suse enterprise server 15 SP2 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel | suse enterprise server 15 SP3 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel | suse enterprise server 15 SP4 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel | suse enterprise server 15 SP5 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel | suse enterprise server 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel | suse enterprise server 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel-32bit | suse enterprise desktop 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel-32bit | suse enterprise desktop 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel-32bit | suse enterprise sap 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel-32bit | suse enterprise sap 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel-32bit | suse enterprise server 15 SP2 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel-32bit | suse enterprise server 15 SP3 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel-32bit | suse enterprise server 15 SP4 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel-32bit | suse enterprise server 15 SP5 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel-32bit | suse enterprise server 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-devel-32bit | suse enterprise server 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-doc | suse enterprise desktop 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-doc | suse enterprise desktop 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-doc | suse enterprise sap 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-doc | suse enterprise sap 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-doc | suse enterprise server 12 SP3 | 1.1.8-24.77.1 | fixed |
| pam-doc | suse enterprise server 15 SP2 | 1.3.0-150000.6.86.1 | fixed |
| pam-doc | suse enterprise server 15 SP3 | 1.3.0-150000.6.86.1 | fixed |
| pam-doc | suse enterprise server 15 SP4 | 1.3.0-150000.6.86.1 | fixed |
| pam-doc | suse enterprise server 15 SP5 | 1.3.0-150000.6.86.1 | fixed |
| pam-doc | suse enterprise server 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-doc | suse enterprise server 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra | suse enterprise desktop 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra | suse enterprise desktop 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra | suse enterprise sap 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra | suse enterprise sap 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra | suse enterprise server 12 SP3 | 1.1.8-24.77.1 | fixed |
| pam-extra | suse enterprise server 15 SP2 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra | suse enterprise server 15 SP3 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra | suse enterprise server 15 SP4 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra | suse enterprise server 15 SP5 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra | suse enterprise server 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra | suse enterprise server 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra-32bit | suse enterprise desktop 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra-32bit | suse enterprise desktop 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra-32bit | suse enterprise sap 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra-32bit | suse enterprise sap 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra-32bit | suse enterprise server 12 SP3 | 1.1.8-24.77.1 | fixed |
| pam-extra-32bit | suse enterprise server 15 SP2 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra-32bit | suse enterprise server 15 SP3 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra-32bit | suse enterprise server 15 SP4 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra-32bit | suse enterprise server 15 SP5 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra-32bit | suse enterprise server 15 SP6 | 1.3.0-150000.6.86.1 | fixed |
| pam-extra-32bit | suse enterprise server 15 SP7 | 1.3.0-150000.6.86.1 | fixed |
| pam_apparmor | suse enterprise desktop 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| pam_apparmor | suse enterprise desktop 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| pam_apparmor | suse enterprise sap 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| pam_apparmor | suse enterprise sap 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| pam_apparmor | suse enterprise server 12 SP5 | 2.8.2-56.26.1 | fixed |
| pam_apparmor | suse enterprise server 15 SP2 | 2.13.4-150200.3.14.1 | fixed |
| pam_apparmor | suse enterprise server 15 SP3 | 2.13.6-150300.3.24.1 | fixed |
| pam_apparmor | suse enterprise server 15 SP4 | 3.0.4-150400.5.18.1 | fixed |
| pam_apparmor | suse enterprise server 15 SP5 | 3.0.4-150500.11.18.1 | fixed |
| pam_apparmor | suse enterprise server 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| pam_apparmor | suse enterprise server 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| pam_apparmor-32bit | suse enterprise desktop 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| pam_apparmor-32bit | suse enterprise desktop 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| pam_apparmor-32bit | suse enterprise sap 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| pam_apparmor-32bit | suse enterprise sap 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| pam_apparmor-32bit | suse enterprise server 12 SP5 | 2.8.2-56.26.1 | fixed |
| pam_apparmor-32bit | suse enterprise server 15 SP2 | 2.13.4-150200.3.14.1 | fixed |
| pam_apparmor-32bit | suse enterprise server 15 SP3 | 2.13.6-150300.3.24.1 | fixed |
| pam_apparmor-32bit | suse enterprise server 15 SP4 | 3.0.4-150400.5.18.1 | fixed |
| pam_apparmor-32bit | suse enterprise server 15 SP5 | 3.0.4-150500.11.18.1 | fixed |
| pam_apparmor-32bit | suse enterprise server 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| pam_apparmor-32bit | suse enterprise server 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| perl-apparmor | suse enterprise desktop 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| perl-apparmor | suse enterprise desktop 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| perl-apparmor | suse enterprise sap 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| perl-apparmor | suse enterprise sap 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| perl-apparmor | suse enterprise server 12 SP5 | 2.8.2-56.26.1 | fixed |
| perl-apparmor | suse enterprise server 15 SP2 | 2.13.4-150200.3.14.1 | fixed |
| perl-apparmor | suse enterprise server 15 SP3 | 2.13.6-150300.3.24.1 | fixed |
| perl-apparmor | suse enterprise server 15 SP4 | 3.0.4-150400.5.18.1 | fixed |
| perl-apparmor | suse enterprise server 15 SP5 | 3.0.4-150500.11.18.1 | fixed |
| perl-apparmor | suse enterprise server 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| perl-apparmor | suse enterprise server 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| python3-apparmor | suse enterprise desktop 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| python3-apparmor | suse enterprise desktop 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| python3-apparmor | suse enterprise sap 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| python3-apparmor | suse enterprise sap 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
| python3-apparmor | suse enterprise server 15 SP2 | 2.13.4-150200.3.14.1 | fixed |
| python3-apparmor | suse enterprise server 15 SP3 | 2.13.6-150300.3.24.1 | fixed |
| python3-apparmor | suse enterprise server 15 SP4 | 3.0.4-150400.5.18.1 | fixed |
| python3-apparmor | suse enterprise server 15 SP5 | 3.0.4-150500.11.18.1 | fixed |
| python3-apparmor | suse enterprise server 15 SP6 | 3.1.7-150600.5.9.1 | fixed |
| python3-apparmor | suse enterprise server 15 SP7 | 3.1.7-150600.5.9.1 | fixed |
Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| pam | RHEL 8 | 0:1.3.1-36.el8_10 | fixed |
| pam | RHEL 9 | 0:1.5.1-21.el9_5 | fixed |
| pam-devel | RHEL 8 | 0:1.3.1-36.el8_10 | fixed |
| pam-devel | RHEL 9 | 0:1.5.1-21.el9_5 | fixed |
| pam-docs | RHEL 9 | 0:1.5.1-21.el9_5 | fixed |