Segmentation Fault in PAM-PKCS#11 Module for Linux-PAM with X.509 Certificate Login
CVE-2025-24031

5.1 MEDIUM

Key Information:

Vendor: OpenSC

CVE Published: 10 February 2025

What is CVE-2025-24031?

pam_pkcs11 is the PAM-PKCS#11 module for Linux-PAM that allows X.509 certificate based user login. In versions 0.6.12 and earlier, when the user skips entering a PIN (for example by pressing Enter at the prompt), the module never initializes its password pointer; the code that follows dereferences that uninitialized pointer and the process receives a segmentation fault. Because the module runs inside whatever daemon performs the authentication, the crash takes that process down, so depending on which daemon loaded the module this is a denial of service. Confidentiality and integrity are not affected; the impact is limited to availability, and the attacker needs local access to a login prompt that uses the module. At the time this entry was published, no patch had been released.
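The C below is an added illustration written for this page, not pam_pkcs11's own source. It models the failure mode just described (a password pointer that is only assigned on the path where a PIN was actually collected) and shows the hardened form, where the pointer always has a defined value and the skipped-PIN case fails cleanly instead of crashing the calling daemon. The helper names prompt_for_pin and verify_pin_with_token and the AUTH_* result codes are assumptions standing in for the PAM conversation and the PKCS#11 login call, and the accepted PIN is a constructed test value.

```c
/* Added example modelling CVE-2025-24031's bug class; illustrative code,
 * not pam_pkcs11's implementation. prompt_for_pin, verify_pin_with_token
 * and the AUTH_* codes are assumptions standing in for PAM / PKCS#11. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum auth_result {
    AUTH_OK = 0,
    AUTH_PIN_MISSING = 1,   /* user skipped the PIN prompt */
    AUTH_PIN_REJECTED = 2   /* token did not accept the PIN */
};

/* Stand-in for the PAM conversation. Returning NULL models "the user
 * pressed Enter and no PIN was collected", the path that crashed
 * pam_pkcs11 when the pointer it fed was left uninitialised. */
static const char *prompt_for_pin(const char *typed_by_user)
{
    if (typed_by_user == NULL || typed_by_user[0] == '\0')
        return NULL;
    return typed_by_user;
}

/* Stand-in for the PKCS#11 login: accepts one constructed PIN. */
static int verify_pin_with_token(const char *pin)
{
    static const char expected_pin[] = "123456";   /* constructed */
    return strcmp(pin, expected_pin) == 0;
}

/*
 * Vulnerable pattern (kept as a comment so it is never executed here):
 *
 *     char *password;                      // never initialised
 *     if (pin_was_entered)
 *         password = prompt_for_pin(...);  // assigned on this path only
 *     ...
 *     if (strlen(password) == 0)           // reads an indeterminate pointer
 *         ...                              //   whenever the PIN was skipped
 *
 * Whatever is left on the stack is dereferenced; on most systems that is
 * a segmentation fault in the daemon that loaded the module.
 */

/* Hardened form: the pointer is defined on every path and the "no PIN"
 * case is handled before anything reads through it. */
enum auth_result authenticate_with_pin(const char *typed_by_user)
{
    const char *password = NULL;   /* defined value on every path */

    password = prompt_for_pin(typed_by_user);
    if (password == NULL) {
        /* Skipped PIN: report failure instead of crashing the daemon. */
        return AUTH_PIN_MISSING;
    }
    if (!verify_pin_with_token(password))
        return AUTH_PIN_REJECTED;
    return AUTH_OK;
}

int main(void)
{
    /* Constructed inputs: skipped prompt, empty string, wrong PIN, right PIN. */
    const char *inputs[] = { NULL, "", "000000", "123456" };
    size_t i;
    for (i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        printf("input=%-8s -> result %d\n",
               inputs[i] ? inputs[i] : "(skip)",
               (int)authenticate_with_pin(inputs[i]));
    }
    return 0;
}
```

The point of the hardened version is not the NULL initialiser by itself but that every consumer of the pointer sits behind an explicit check; a module that initialised the pointer to NULL and then still called strlen on it would merely turn an indeterminate-pointer crash into a NULL-pointer crash.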

Affected Version(s)

pam_pkcs11 <= 0.6.12

References

CVSS v4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Note: the metric values are reproduced as listed for this entry. The description above reports a denial of service, which is an availability impact, and "Undefined" is not a valid CVSS v4 value for Privileges Required, so check the Availability and Privileges Required entries against the vendor advisory before relying on this score.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
