{"id":"CVE-2024-22365","details":"linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.","modified":"2026-04-16T04:32:24.349947970Z","published":"2024-02-06T08:15:52.203Z","related":["ALSA-2024:2438","ALSA-2024:3163","SUSE-SU-2024:0136-1","SUSE-SU-2024:0136-2","SUSE-SU-2024:0137-1","openSUSE-SU-2024:13616-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html"},{"type":"ADVISORY","url":"https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2024/01/18/3"},{"type":"FIX","url":"https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb"},{"type":"PACKAGE","url":"https://github.com/linux-pam/linux-pam"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/linux-pam/linux-pam","events":[{"introduced":"0"},{"fixed":"2dc3367c5f593eb54af4ef31e7c2d100f73eb364"},{"fixed":"031bb5a5d0d950253b68138b498dc93be69a64cb"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.6.0"}]}}],"versions":["Linux-PAM-0-73","Linux-PAM-0-74","Linux-PAM-0-75","Linux-PAM-0-76","Linux-PAM-0-77","Linux-PAM-0-78","Linux-PAM-0-78-Beta1","Linux-PAM-0-79","Linux-PAM-0-80","Linux-PAM-0_99_10_0","Linux-PAM-0_99_1_0","Linux-PAM-0_99_2_0","Linux-PAM-0_99_2_1","Linux-PAM-0_99_3_0","Linux-PAM-0_99_4_0","Linux-PAM-0_99_5_0","Linux-PAM-0_99_6_0","Linux-PAM-0_99_6_1","Linux-PAM-0_99_6_2","Linux-PAM-0_99_6_3","Linux-PAM-0_99_7_0","Linux-PAM-0_99_7_1","Linux-PAM-0_99_8_0","Linux-PAM-0_99_8_1","Linux-PAM-0_99_9_0","Linux-PAM-1.3.0","Linux-PAM-1_0_0","Linux-PAM-1_0_90","Linux-PAM-1_0_91","Linux-PAM-1_0_92","Linux-PAM-1_1-branch","Linux-PAM-1_1_0","Linux-PAM-1_1_1","Linux-PAM-1_1_2","Linux-PAM-1_1_3","Linux-PAM-1_1_4","Linux-PAM-1_1_5","Linux-PAM-1_1_7","Linux-PAM-1_1_8","Linux-PAM-1_2_0","Linux-PAM-1_2_1","before_automake","help","pam_unix_refactor","v1.1.4","v1.1.6","v1.3.1","v1.4.0","v1.5.0","v1.5.1","v1.5.2","v1.5.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-22365.json","vanir_signatures_modified":"2026-04-12T05:53:15Z","vanir_signatures":[{"source":"https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb","id":"CVE-2024-22365-0d9b4766","signature_version":"v1","digest":{"length":1531,"function_hash":"317394862203144709989130386479640475235"},"deprecated":false,"target":{"file":"modules/pam_namespace/pam_namespace.c","function":"protect_dir"},"signature_type":"Function"},{"source":"https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb","id":"CVE-2024-22365-dc62bac2","signature_version":"v1","digest":{"line_hashes":["315361314758271223131504809646670524424","274342128254364186845669624273126964804","243165300304827059543872687303100674872","14439829096304519645882936487136401689","338274363870015476195383967866140546131","116745845055591218600489517576033008348","180024089003612423939499687877557896201","221575547298412562554878386368683602590","40555050957129843894117549475199081623","153236430021528792440942208146795373822","2350868536207391044530206346117282129","315357110128630639407130175964933912227","93453105574852989025632254695904492653","251342175285314308319356243353633091552","192104678774776308035458189836391865851","186538112097541752208687172540304380044","67413296613178931678196517808204930857","257929399843640289293013953594365360605","8458228318959229779658951446056012742","88264999696557550687639361897120138533","288307341601122833603652759859671734352","294647349671456566599252592752094750223"],"threshold":0.9},"deprecated":false,"target":{"file":"modules/pam_namespace/pam_namespace.c"},"signature_type":"Line"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}