Out-of-Bounds Read Vulnerability in System Security Services Daemon by Red Hat
CVE-2026-6245

5.5MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-6245?

A vulnerability exists in the System Security Services Daemon (SSSD) where the pam_passkey_child_read_data() function mishandles raw bytes from a pipe. This flaw treats the incoming data as a NUL-terminated C string without proper termination, leading to an out-of-bounds read when processed by functions such as snprintf(). A local attacker could initiate a specially crafted passkey authentication request to exploit this issue, potentially leading to a crash of the SSSD PAM responder and resulting in a local Denial of Service (DoS).

References

https://access.redhat.com/security/cve/CVE-2026-6245

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2457954

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Apr 13, 2026

CVE-2026-6245 Data

JSON