CVE-2025-6020
7.8 High
Published:
Last updated:
Source:secalert@redhat.com
Deferred
Weakness (CWE)
CVSS Vector
v3.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
Description
A flaw was found in linux-pam. The pam_namespace module may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
References
- https://access.redhat.com/errata/RHSA-2025:10024 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:10027 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:10180 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:10354 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:10357 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:10358 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:10359 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:10361 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:10362 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:10735 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:10823 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:11386 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:11487 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:14557 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:15099 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:15709 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:15827 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:15828 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:16524 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:17181 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:18219 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:20181 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:21885 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:22019 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2025:9526 (source: secalert@redhat.com)
- https://access.redhat.com/errata/RHSA-2026:0934 (source: secalert@redhat.com)
- https://access.redhat.com/security/cve/CVE-2025-6020 (source: secalert@redhat.com)
- https://bugzilla.redhat.com/show_bug.cgi?id=2372512 (source: secalert@redhat.com)
- http://www.openwall.com/lists/oss-security/2025/06/17/1 (source: af854a3a-2127-422b-91ae-364da2661108)
- https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html (source: af854a3a-2127-422b-91ae-364da2661108)
- https://cert-portal.siemens.com/productcert/html/ssa-577017.html (source: 0b142b55-0307-4c5a-b3c9-f314f3fb7c5e)