CVE-2025-24031

EUVD-2025-3601
PAM-PKCS#11 is a Linux-PAM login module that allows a X.509 certificate based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, `pam_get_pwd` will never initialize the password buffer pointer and as such `cleanse` will try to dereference an uninitialized pointer. On my system this pointer happens to have the value 3 most of the time when running sudo and as such it will segfault. The most likely impact to a system affected by this issue is an availability impact due to a daemon that uses PAM crashing. As of time of publication, a patch for the issue is unavailable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
Debian logo
Debian Releases
Debian Product
Codename
pam-pkcs11
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
forky
unimportant
sid
unimportant
trixie
unimportant
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
pam_pkcs11
suse enterprise desktop 15 SP6
0.6.10-150600.16.3.1
fixed
suse enterprise desktop 15 SP7
0.6.10-150600.16.3.1
fixed
suse enterprise sap 15 SP6
0.6.10-150600.16.3.1
fixed
suse enterprise sap 15 SP7
0.6.10-150600.16.3.1
fixed
suse enterprise server 15 SP4
0.6.10-150100.3.6.1
fixed
suse enterprise server 15 SP6
0.6.10-150600.16.3.1
fixed
suse enterprise server 15 SP7
0.6.10-150600.16.3.1
fixed
pam_pkcs11-32bit
suse enterprise desktop 15 SP6
0.6.10-150600.16.3.1
fixed
suse enterprise desktop 15 SP7
0.6.10-150600.16.3.1
fixed
suse enterprise sap 15 SP6
0.6.10-150600.16.3.1
fixed
suse enterprise sap 15 SP7
0.6.10-150600.16.3.1
fixed
suse enterprise server 15 SP4
0.6.10-150100.3.6.1
fixed
suse enterprise server 15 SP6
0.6.10-150600.16.3.1
fixed
suse enterprise server 15 SP7
0.6.10-150600.16.3.1
fixed
Common Weakness Enumeration
References
https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L211
https://github.com/OpenSC/pam_pkcs11/blob/bb2e3f3a95e44fdf44b0d5a4b377db3179021380/src/pam_pkcs11/pam_pkcs11.c#L797
https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-wvr3-c9x3-9mff
https://github.com/OpenSC/pam_pkcs11/security/advisories/GHSA-wvr3-c9x3-9mff