A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
Fixes

Solution

No solution given by the vendor.


Workaround

Disable the `pam_namespace` module if it is not essential for your environment, or carefully review and configure it to avoid operating on any directories or paths that can be influenced or controlled by unprivileged users, such as user home directories or world-writable locations like `/tmp`.

History

Mon, 15 Sep 2025 18:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:webterminal:1.12::el9
References

Mon, 15 Sep 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Redhat webterminal
CPEs cpe:/a:redhat:webterminal:1.11::el9
Vendors & Products Redhat webterminal
References

Thu, 11 Sep 2025 15:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat confidential Compute Attestation
CPEs cpe:/a:redhat:confidential_compute_attestation:1.10::el9
Vendors & Products Redhat confidential Compute Attestation
References

Wed, 03 Sep 2025 03:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Els
Redhat rhel Eus
Redhat rhel Tus
CPEs cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:9
cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/a:redhat:rhel_e4s:9.2::appstream
cpe:/a:redhat:rhel_eus:9.4::appstream
cpe:/o:redhat:enterprise_linux:9::baseos
cpe:/o:redhat:rhel_aus:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.6::baseos
cpe:/o:redhat:rhel_e4s:8.8::baseos
cpe:/o:redhat:rhel_e4s:9.2::baseos
cpe:/o:redhat:rhel_els:7
cpe:/o:redhat:rhel_eus:9.4::baseos
cpe:/o:redhat:rhel_tus:8.6::baseos
cpe:/o:redhat:rhel_tus:8.8::baseos
Vendors & Products Redhat rhel Els
Redhat rhel Eus
Redhat rhel Tus
References

Wed, 03 Sep 2025 01:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Aus
Redhat rhel Eus Long Life
CPEs cpe:/o:redhat:rhel_aus:8.2::baseos
cpe:/o:redhat:rhel_aus:8.4::baseos
cpe:/o:redhat:rhel_eus_long_life:8.4::baseos
Vendors & Products Redhat rhel Aus
Redhat rhel Eus Long Life
References

Wed, 03 Sep 2025 01:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel E4s
CPEs cpe:/a:redhat:rhel_e4s:9.0::appstream
cpe:/o:redhat:rhel_e4s:9.0::baseos
Vendors & Products Redhat rhel E4s
References

Mon, 01 Sep 2025 09:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:8::baseos
References

Thu, 14 Aug 2025 06:30:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Wed, 13 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 13 Aug 2025 14:45:00 +0000

Type Values Removed Values Added
Description A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
Title Linux-pam: incomplete fix for cve-2025-6020
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-22
CPEs cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-15T17:57:31.811Z

Reserved: 2025-08-13T12:24:47.522Z

Link: CVE-2025-8941

cve-icon Vulnrichment

Updated: 2025-08-13T14:50:43.534Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-13T15:15:41.873

Modified: 2025-09-15T18:15:40.257

Link: CVE-2025-8941

cve-icon Redhat

Severity : Important

Publid Date: 2025-08-13T00:00:00Z

Links: CVE-2025-8941 - Bugzilla

cve-icon OpenCVE Enrichment

No data.