Description
A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.
Published: 2026-06-30
Score: 6.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A use‑after‑free bug in the SSSD PAM responder causes the process to crash when authenticating with a YubiKey. The mishandled memory pointer can be triggered by a local attacker manipulating smartcard or YubiKey contents, leading to a denial of service that interrupts authentication. The flaw also presents a theoretical privilege escalation path, although it is difficult to exploit fully.

Affected Systems

The vulnerability affects Red Hat Enterprise Linux versions 6, 7, 8, 9, 10, Red Hat Hardened Images, and Red Hat OpenShift Container Platform 4. It impacts the sssd service running on these platforms.

Risk and Exploitability

The CVSS score of 6.4 indicates moderate severity, and the EPSS score is not available. The vulnerability is not listed in the CISA KEV catalog. The attack vector requires local access and the ability to influence YubiKey or smartcard input, so remote exploitation is unlikely based on the available information. If exploited, the denial of service could interrupt authentication services and potentially allow privilege escalation under certain conditions.

Generated by OpenCVE AI on June 30, 2026 at 10:23 UTC.

Remediation

Vendor Workaround

Configure the sssd systemd service to automatically restart on failure. This ensures authentication remains available even if an attacker triggers the denial-of-service crash.


OpenCVE Recommended Actions

  • Configure the sssd systemd service to automatically restart on failure, ensuring authentication remains available after a crash.
  • Limit YubiKey and smartcard usage to trusted devices and validate their input before use to reduce the risk of manipulation.
  • Keep the SSSD packages and the operating system updated; monitor Red Hat advisories for a formal patch that mitigates the use‑after‑free flaw.
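
The vendor workaround and the first recommended action above both ask for an automatic restart of sssd on failure. The following systemd drop-in is an added example, not from the OpenCVE record or the sssd project; it assumes the unit is named sssd.service and that the file is placed at /etc/systemd/system/sssd.service.d/restart.conf.

```ini
# Added example: systemd drop-in for sssd.service (assumed unit name).
# Assumed path: /etc/systemd/system/sssd.service.d/restart.conf
#
# Goal: keep PAM authentication available if the responder crash described
# in the advisory is triggered, without masking clean administrative stops.

[Unit]
# A crash that can be triggered repeatedly by a local user would otherwise hit
# systemd's default start-rate limit and leave the service stopped for good.
# Allow up to 10 restarts per minute before systemd gives up.
StartLimitIntervalSec=60
StartLimitBurst=10

[Service]
# on-failure restarts only after an abnormal exit (signal, non-zero code,
# timeout); "systemctl stop sssd" still stops the service as expected.
Restart=on-failure
# Short back-off so authentication is interrupted for seconds, not minutes.
RestartSec=2s
```

Apply it with `systemctl daemon-reload && systemctl restart sssd`, then confirm with `systemctl show -p Restart -p RestartUSec sssd` that the new values are in effect. Treat the restart as a mitigation for the availability impact only; the use-after-free itself is fixed only by the vendor patch.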

Generated by OpenCVE AI on June 30, 2026 at 10:23 UTC.


Advisories

No advisories yet.

History

Wed, 01 Jul 2026 10:30:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Redhat hardened Images
                                       Redhat openshift Container Platform
                                       Sssd
                                       Sssd sssd
Vendors & Products                     Redhat hardened Images
                                       Redhat openshift Container Platform
                                       Sssd
                                       Sssd sssd

Tue, 30 Jun 2026 13:30:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc
                           {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 30 Jun 2026 12:15:00 +0000

Type         Values Removed    Values Added
References
Metrics      threat_severity   threat_severity
             None              Moderate


Tue, 30 Jun 2026 09:45:00 +0000

Type                  Values Removed   Values Added
Description                            A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.
Title                                  Sssd: use-after-free crash in sssd' 'sssd_pam' process
First Time appeared                    Redhat
                                       Redhat enterprise Linux
                                       Redhat hummingbird
                                       Redhat openshift
Weaknesses                             CWE-825
CPEs                                   cpe:/a:redhat:hummingbird:1
                                       cpe:/a:redhat:openshift:4
                                       cpe:/o:redhat:enterprise_linux:10
                                       cpe:/o:redhat:enterprise_linux:6
                                       cpe:/o:redhat:enterprise_linux:7
                                       cpe:/o:redhat:enterprise_linux:8
                                       cpe:/o:redhat:enterprise_linux:9
Vendors & Products                     Redhat
                                       Redhat enterprise Linux
                                       Redhat hummingbird
                                       Redhat openshift
References
Metrics                                cvssV3_1
                                       {'score': 6.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-06-30T15:20:29.634Z

Reserved: 2026-06-18T11:34:05.237Z

Link: CVE-2026-12610

Vulnrichment

Updated: 2026-06-30T12:44:26.238Z

NVD

No data.

Redhat

Severity : Moderate

Public Date: 2026-06-09T12:00:00Z

Links: CVE-2026-12610 - Bugzilla

OpenCVE Enrichment

Updated: 2026-07-01T10:02:15Z

Weaknesses
  • CWE-825: Expired Pointer Dereference