CVE-2024-10041

Pam: libpam: libpam vulnerable to read hashed password

Description

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

Remediation

Workaround:

  • This vulnerability is mitigated if SELinux is in Enforcing mode. To verify if SELinux is in Enforcing mode, the output of the `getenforce` command will return `Enforcing', see the example below: ~~~ $ getenforce Enforcing ~~~ To more information about SELinux, specifically how to set it to Enforcing mode, see the links below. https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html-single/using_selinux/index#changing-to-enforcing-mode_changing-selinux-states-and-modes https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/using_selinux/index#changing-to-enforcing-mode_changing-selinux-states-and-modes

Category

4.7
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.03%
Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com
Affected: Red Hat Red Hat Enterprise Linux 8
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9
Affected: Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support
Affected: Red Hat Red Hat Enterprise Linux 10
Affected: Red Hat Red Hat Enterprise Linux 7
Published at:
Updated at:

References

Link Tags
https://access.redhat.com/errata/RHSA-2024:10379 vendor advisory
https://access.redhat.com/errata/RHSA-2024:11250 vendor advisory
https://access.redhat.com/errata/RHSA-2024:9941 vendor advisory
https://access.redhat.com/security/cve/CVE-2024-10041 mitigation vdb entry third party advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2319212 issue tracking third party advisory

Frequently Asked Questions

What is the severity of CVE-2024-10041?
CVE-2024-10041 has been scored as a medium severity vulnerability.
How to fix CVE-2024-10041?
As a workaround for remediating CVE-2024-10041: This vulnerability is mitigated if SELinux is in Enforcing mode. To verify if SELinux is in Enforcing mode, the output of the `getenforce` command will return `Enforcing', see the example below: ~~~ $ getenforce Enforcing ~~~ To more information about SELinux, specifically how to set it to Enforcing mode, see the links below. https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html-single/using_selinux/index#changing-to-enforcing-mode_changing-selinux-states-and-modes https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/using_selinux/index#changing-to-enforcing-mode_changing-selinux-states-and-modes
Is CVE-2024-10041 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-10041 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-10041?
CVE-2024-10041 affects Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9.4 Extended Update Support, Red Hat Red Hat Enterprise Linux 10, Red Hat Red Hat Enterprise Linux 7.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.