CVE-2024-22365

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Feb 6, 2024
Updated: Feb 14, 2024

Summary

CVE-2024-22365 is a newly disclosed vulnerability affecting Linux PAM (Pluggable Authentication Modules) before version 1.6.0. It permits denial-of-service attacks that leave the login process blocked. The root cause is the openat call used by protect_dir, which does not pass O_DIRECTORY. An attacker can therefore create a FIFO (a named pipe, as made with mkfifo) in a restrictive directory, and the open on that FIFO blocks, causing the service disruption.
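The effect of the missing flag can be checked with the short C program below. It is an added example, not code from Linux PAM: the helper names and the scratch directory under /tmp are assumptions made for the demonstration. The call without O_DIRECTORY uses O_NONBLOCK only so the demonstration itself does not hang.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: open `name` under dirfd only if it is a directory. */
int open_dir_only(int dirfd, const char *name)
{
    return openat(dirfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
}

/* Hypothetical helper: the same open without O_DIRECTORY. Without
 * O_NONBLOCK, this call on a FIFO waits until a writer opens the pipe. */
int open_any_nonblocking(int dirfd, const char *name)
{
    return openat(dirfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC | O_NONBLOCK);
}

/* Builds a constructed scratch directory holding a FIFO and a real
 * subdirectory, then returns a bitmask: 1 = FIFO accepted without
 * O_DIRECTORY, 2 = FIFO rejected with ENOTDIR, 4 = directory opened. */
int run_demo(void)
{
    char tmpl[] = "/tmp/odir-demo-XXXXXX";
    char *base = mkdtemp(tmpl);
    if (!base) return -1;
    int dfd = open(base, O_RDONLY | O_DIRECTORY);
    if (dfd < 0) return -1;
    if (mkfifoat(dfd, "pipe", 0600) || mkdirat(dfd, "sub", 0700)) return -1;

    int result = 0;
    int fd = open_any_nonblocking(dfd, "pipe");
    if (fd >= 0) { result |= 1; close(fd); }
    errno = 0;
    fd = open_dir_only(dfd, "pipe");
    if (fd < 0 && errno == ENOTDIR) result |= 2;
    else if (fd >= 0) close(fd);
    fd = open_dir_only(dfd, "sub");
    if (fd >= 0) { result |= 4; close(fd); }

    unlinkat(dfd, "pipe", 0);
    unlinkat(dfd, "sub", AT_REMOVEDIR);
    close(dfd);
    rmdir(base);
    return result;
}

int main(void) { int r = run_demo(); printf("result=%d\n", r); return r != 7; }
```

With O_DIRECTORY the kernel rejects the FIFO with ENOTDIR during path lookup, before the FIFO's own open logic runs, so the caller gets an error instead of waiting.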
