CVE-2025-6020

Published: June 18, 2025Last modified: July 5, 2025

Description

A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.

Severity score breakdown

Status

References

• http://www.openwall.com/lists/oss-security/2025/06/17/1
• https://access.redhat.com/errata/RHSA-2025:10024
• https://access.redhat.com/errata/RHSA-2025:10027
• https://access.redhat.com/errata/RHSA-2025:10180
• https://access.redhat.com/errata/RHSA-2025:10354
• https://access.redhat.com/errata/RHSA-2025:10357
• https://access.redhat.com/errata/RHSA-2025:10358
• https://access.redhat.com/errata/RHSA-2025:10359
• https://access.redhat.com/errata/RHSA-2025:10361
• https://access.redhat.com/errata/RHSA-2025:10362
• https://access.redhat.com/errata/RHSA-2025:10735
• https://access.redhat.com/errata/RHSA-2025:10823
• https://access.redhat.com/errata/RHSA-2025:9526
• https://access.redhat.com/security/cve/CVE-2025-6020
• https://bugzilla.redhat.com/show_bug.cgi?id=2372512