Description

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

INFO

Published Date :

2024-10-23T13:46:27.963Z

Last Modified :

2025-11-20T18:11:42.832Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2024-10041 vulnerability.

Vendors Products
Linux-pam
  • Linux-pam
Redhat
  • Enterprise Linux
  • Rhel Eus
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-10041.

URL Resource
https://access.redhat.com/errata/RHSA-2024:10379 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:11250 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:9941 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2024-10041 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2319212 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-10041 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-10041 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact