REDHAT-BUG-2372512: Race Condition

Q: What is the severity of REDHAT-BUG-2372512?

The severity of REDHAT-BUG-2372512 is critical due to its potential for privilege escalation.

Q: How do I fix REDHAT-BUG-2372512?

To fix REDHAT-BUG-2372512, upgrade the Linux-PAM pam_namespace module to version 1.7.1 or higher.

Q: Who is affected by REDHAT-BUG-2372512?

Local users of Linux-PAM pam_namespace versions up to and including 1.7.0 are affected by REDHAT-BUG-2372512.

Q: What are the potential impacts of exploiting REDHAT-BUG-2372512?

Exploiting REDHAT-BUG-2372512 can allow local users to elevate their privileges to root, compromising system security.

Q: Is there a workaround for REDHAT-BUG-2372512 if I cannot upgrade?

There are no well-documented workarounds for REDHAT-BUG-2372512; the recommended action is to upgrade the affected module.

Published Jun 12, 2025

Updated

The module pamnamespace in linux-pam <= 1.7.0 may access user-controlled paths without proper protections, which allows a local user to elevate their privileges to root via multiple symlink attacks and race conditions.

Affected Software

1 affected component

Linux-PAM pam_namespace<=1.7.0

Event History

Jun 12, 2025

Data Sourced

via Red Hat·04:42 PM

DescriptionSeverityAffected Software

Frequently Asked Questions

What is the severity of REDHAT-BUG-2372512?

The severity of REDHAT-BUG-2372512 is critical due to its potential for privilege escalation.

How do I fix REDHAT-BUG-2372512?

To fix REDHAT-BUG-2372512, upgrade the Linux-PAM pam_namespace module to version 1.7.1 or higher.

Who is affected by REDHAT-BUG-2372512?

Local users of Linux-PAM pam_namespace versions up to and including 1.7.0 are affected by REDHAT-BUG-2372512.

What are the potential impacts of exploiting REDHAT-BUG-2372512?

Exploiting REDHAT-BUG-2372512 can allow local users to elevate their privileges to root, compromising system security.

Is there a workaround for REDHAT-BUG-2372512 if I cannot upgrade?