CVE-2024-10041

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-10041

CGA ID

CGA-w8gr-f9vv-8r9h

Severity

4.7

Medium

CVSS V3

Description

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.

References

https://images.chainguard.dev/security/CGA-w8gr-f9vv-8r9h
https://github.com/advisories/GHSA-7gm5-m2xc-vh2j
https://access.redhat.com/errata/RHSA-2024:10379
https://access.redhat.com/errata/RHSA-2024:11250
https://access.redhat.com/errata/RHSA-2024:9941
https://bugzilla.redhat.com/show_bug.cgi?id=2319212
https://access.redhat.com/security/cve/CVE-2024-10041
https://security-tracker.debian.org/tracker/CVE-2024-10041

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2024-10041

Severity

Description

References

Affected packages

Product

Why Chainguard

Customers

Company

Resources