Bug 2372512 (CVE-2025-6020)

Summary: CVE-2025-6020 linux-pam: Linux-pam directory Traversal
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: unspecifiedCC: adudiak, kshier, omaciel, security-response-team, stcannon, villapla, yguenane
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
 Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Deadline: 2025-06-17   

Description OSIDB Bzimport 2025-06-12 16:42:52 UTC 
The module pam_namespace in linux-pam <= 1.7.0 may access user-controlled paths without proper protections, which allows a local user to elevate their privileges to root via multiple symlink attacks and race conditions.
Comment 2 errata-xmlrpc 2025-06-24 12:14:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:9526 https://access.redhat.com/errata/RHSA-2025:9526
Comment 3 errata-xmlrpc 2025-07-01 08:17:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2025:10024 https://access.redhat.com/errata/RHSA-2025:10024
Comment 4 errata-xmlrpc 2025-07-01 08:44:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:10027 https://access.redhat.com/errata/RHSA-2025:10027
Comment 5 errata-xmlrpc 2025-07-02 05:21:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2025:10180 https://access.redhat.com/errata/RHSA-2025:10180
Comment 10 errata-xmlrpc 2025-07-07 02:00:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Via RHSA-2025:10361 https://access.redhat.com/errata/RHSA-2025:10361
Comment 11 errata-xmlrpc 2025-07-07 02:11:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2025:10362 https://access.redhat.com/errata/RHSA-2025:10362
Comment 12 errata-xmlrpc 2025-07-07 02:23:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2025:10359 https://access.redhat.com/errata/RHSA-2025:10359
Comment 13 errata-xmlrpc 2025-07-07 02:23:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2025:10357 https://access.redhat.com/errata/RHSA-2025:10357
Comment 14 errata-xmlrpc 2025-07-07 02:32:36 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2025:10358 https://access.redhat.com/errata/RHSA-2025:10358
Comment 15 errata-xmlrpc 2025-07-07 02:33:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2025:10354 https://access.redhat.com/errata/RHSA-2025:10354
Comment 27 errata-xmlrpc 2025-07-17 15:27:09 UTC 
This issue has been addressed in the following products:

  RHEL-8 based Middleware Containers

Via RHSA-2025:11386 https://access.redhat.com/errata/RHSA-2025:11386
Comment 40 errata-xmlrpc 2025-08-26 01:27:24 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2025:14557 https://access.redhat.com/errata/RHSA-2025:14557
Comment 45 errata-xmlrpc 2025-09-03 00:50:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2025:15099 https://access.redhat.com/errata/RHSA-2025:15099
Comment 46 errata-xmlrpc 2025-09-04 16:30:04 UTC 
This issue has been addressed in the following products:

  RHEL-8 based Middleware Containers

Via RHSA-2025:15358 https://access.redhat.com/errata/RHSA-2025:15358
Comment 48 errata-xmlrpc 2025-09-15 15:13:27 UTC 
This issue has been addressed in the following products:

  Red Hat Web Terminal 1.12 on RHEL 9

Via RHSA-2025:15827 https://access.redhat.com/errata/RHSA-2025:15827
Comment 49 errata-xmlrpc 2025-09-15 15:14:15 UTC 
This issue has been addressed in the following products:

  Red Hat Web Terminal 1.11 on RHEL 9

Via RHSA-2025:15828 https://access.redhat.com/errata/RHSA-2025:15828
Comment 68 errata-xmlrpc 2025-11-11 09:15:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2025:20181 https://access.redhat.com/errata/RHSA-2025:20181
Comment 69 errata-xmlrpc 2025-11-25 06:14:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2025:22019 https://access.redhat.com/errata/RHSA-2025:22019