CVE-2025-8941

Summary

A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support0:1.1.8-23.el7_9.2 < *unaffected
Red HatRed Hat Enterprise Linux 80:1.3.1-38.el8_10 < *unaffected
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support0:1.3.1-8.el8_2.2 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support0:1.3.1-14.el8_4.2 < *unaffected
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On0:1.3.1-14.el8_4.2 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support0:1.3.1-16.el8_6.3 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service0:1.3.1-16.el8_6.3 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions0:1.3.1-16.el8_6.3 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service0:1.3.1-26.el8_8.2 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions0:1.3.1-26.el8_8.2 < *unaffected
Red HatRed Hat Enterprise Linux 90:1.5.1-26.el9_6 < *unaffected
Red HatRed Hat Enterprise Linux 90:1.5.1-26.el9_6 < *unaffected
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions0:1.5.1-9.el9_0.3 < *unaffected
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions0:1.5.1-15.el9_2.2 < *unaffected
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support0:1.5.1-24.el9_4.1 < *unaffected
Red HatRed Hat Web Terminal 1.11 on RHEL 91.11-19 < *unaffected
Red HatRed Hat Web Terminal 1.11 on RHEL 91.11-8 < *unaffected
Red HatRed Hat Web Terminal 1.12 on RHEL 91.12-4 < *unaffected
Red Hatcert-manager operator for Red Hat OpenShift 1.16sha256:330e8b5ab4841a21f8f5f23cc7fb192197872f11639b12bf4b1e70831f636323 < *unaffected
Red HatCompliance Operator 1sha256:c953e9f9abf9cf25bf65bb3ffdc86ccf49b3e69a1cf3fbb47b6972e421fd6628 < *unaffected
Red HatRed Hat Discovery 2sha256:c85cfbcaf7888885e57596b7b8bde3894718cfc33326499b24961a66a62cf083 < *unaffected
Red HatRed Hat Insights proxy 1.5sha256:4ca38b33efec0d2dd17a8fd822a7c18281810676ceabb0c1db90953cb91cd5ea < *unaffected
Red HatRed Hat OpenShift sandboxed containers 1.1sha256:24722900db1425bf0c27f6ad6f3fb7d79ff9ebc433bdab58423fa71bab76122b < *unaffected
Red HatRed Hat OpenShift sandboxed containers 1.1sha256:f5e1602d72177d77f1b879c76e6f6cfbc2979c136c06ca9f03ea97ffb369b7a6 < *unaffected
Red HatRed Hat OpenShift sandboxed containers 1.1sha256:cead623ceda4048cabaa81c371ed2a8143f5c5514276fca1d71685bd9e6d1e65 < *unaffected
Red HatRed Hat OpenShift sandboxed containers 1.1sha256:59fb1f7f1653361d94f7d48b42d8fe19ed3263c1c78654837c11f2135544c1ac < *unaffected

Weaknesses

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Workarounds

Disable the pam_namespace module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like /tmp.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References