CVE-2025-6020

Name: CVE-2025-6020
Description: A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-4306-1
Debian Bugs: 1107919

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release             | Version          | Status
pam (PTS)      | bullseye            | 1.4.0-9+deb11u1  | vulnerable
pam (PTS)      | bullseye (security) | 1.4.0-9+deb11u2  | fixed
pam (PTS)      | bookworm            | 1.5.2-6+deb12u1  | vulnerable
pam (PTS)      | forky, sid, trixie  | 1.7.0-5          | fixed

The information below is based on the following data on fixed versions.

Package | Type   | Release      | Fixed Version    | Urgency | Origin     | Debian Bugs
pam     | source | experimental | 1.7.0-4          |         |            |
pam     | source | bullseye     | 1.4.0-9+deb11u2  |         | DLA-4306-1 |
pam     | source | (unstable)   | 1.7.0-5          |         |            | 1107919

Notes

[bookworm] - pam <no-dsa> (Can be fixed via point release)
https://www.openwall.com/lists/oss-security/2025/06/17/1
https://github.com/linux-pam/linux-pam/security/advisories/GHSA-f9p8-gjr4-j9gx
Fixed by: https://github.com/linux-pam/linux-pam/commit/475bd60c552b98c7eddb3270b0b4196847c0072e (v1.7.1)
Fixed by: https://github.com/linux-pam/linux-pam/commit/592d84e1265d04c3104acee815a503856db503a1 (v1.7.1)
Fixed by: https://github.com/linux-pam/linux-pam/commit/976c20079358d133514568fc7fd95c02df8b5773 (v1.7.1)