Bug 2344665 (CVE-2025-24031) - CVE-2025-24031 pam_pkcs11: PAM-PKCS#11 vulnerable to segmentation fault on ctrl-c/ctrl-d when asked for PIN
Keywords:
Status: NEW
Alias: CVE-2025-24031
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2025-02-10 16:01 UTC by OSIDB Bzimport
Modified: 2025-02-11 15:28 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-02-10 16:01:06 UTC
PAM-PKCS#11 is a Linux-PAM login module that allows an X.509 certificate-based user login. In versions 0.6.12 and prior, the pam_pkcs11 module segfaults when a user presses ctrl-c/ctrl-d when they are asked for a PIN. When a user enters no PIN at all, `pam_get_pwd` will never initialize the password buffer pointer and as such `cleanse` will try to dereference an uninitialized pointer. On my system this pointer happens to have the value 3 most of the time when running sudo and as such it will segfault. The most likely impact to a system affected by this issue is an availability impact due to a daemon that uses PAM crashing. As of time of publication, a patch for the issue is unavailable.
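
The failure mode described above, reduced to a stand-alone C sketch with a hardened caller. This is an added example, not pam_pkcs11 source: `get_pin`, `cleanse_pin` and `login_step` are hypothetical names, and a NULL `input` is an assumed stand-in for ctrl-c/ctrl-d at the PIN prompt.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical PIN prompt. input == NULL models ctrl-c/ctrl-d: the call
 * fails and *out is never written, as the report describes. */
static int get_pin(const char *input, char **out) {
    if (input == NULL)
        return -1;
    size_t n = strlen(input) + 1;
    char *buf = malloc(n);
    if (buf == NULL)
        return -1;
    memcpy(buf, input, n);
    *out = buf;
    return 0;
}

/* Wipe a PIN buffer; NULL-safe, volatile so the stores are not elided. */
static void cleanse_pin(char *p) {
    if (p == NULL)
        return;
    volatile char *v = p;
    for (size_t n = strlen(p); n > 0; n--)
        *v++ = 0;
}

/* Crashing shape, kept as a comment because it is undefined behaviour:
 *     char *pin;                  // indeterminate value
 *     get_pin(input, &pin);       // fails, pin still indeterminate
 *     cleanse_pin(pin);           // dereferences garbage
 */

/* Hardened caller: returns 0 if a non-empty PIN was read, -1 otherwise. */
int login_step(const char *input) {
    char *pin = NULL;               /* defined on every path */
    if (get_pin(input, &pin) != 0)
        return -1;                  /* nothing allocated, nothing to wipe */
    int rv = (pin[0] != '\0') ? 0 : -1;
    cleanse_pin(pin);
    free(pin);
    return rv;
}

int main(void) {                    /* constructed inputs */
    printf("EOF at prompt: %d\n", login_step(NULL));
    printf("PIN entered: %d\n", login_step("123456"));
    return 0;
}
```

The three defences are independent: initialise the pointer, check the prompt's return value before touching the buffer, and make the wipe routine tolerate NULL.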

