Description
A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an out-of-bounds read when processed by functions like snprintf(). A local attacker could potentially trigger this vulnerability by initiating a crafted passkey authentication request, causing the SSSD PAM responder to crash, resulting in a local Denial of Service (DoS).
Published: 2026-04-15
Score: 5.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Denial of Service
Action: Monitor
AI Analysis

Impact

The PAM responder in the System Security Services Daemon (SSSD) reads raw bytes from a pipe in pam_passkey_child_read_data() and then treats them as a NUL-terminated C string without adding the terminator itself. When a function such as snprintf() formats that buffer with "%s", it scans past the bytes actually received until it finds a NUL somewhere beyond the buffer, an out-of-bounds read that can crash the responder. A local user who can start a crafted passkey authentication request can therefore take down the SSSD PAM responder, a local denial of service.
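The bug class described above, as an added illustrative C example that is not SSSD's code (the names vulnerable_format, fixed_format, fixed_format_precision, MSG_MAX and the pipe helper are assumptions made for this example, and the 5-byte "hello" payload is constructed): a fixed-size buffer receives raw bytes from a pipe and is handed to snprintf() as a "%s" argument. The vulnerable reader places its buffer at the start of a larger region filled with non-NUL bytes, so the over-read stays inside the example's own allocation and shows up as extra bytes in the output instead of crashing; the two fixed readers either reserve a byte and terminate at the count actually received, or bound the scan with a "%.*s" precision.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum { MSG_MAX = 32 };   /* largest message the reader accepts (size assumed for this example) */

/* Test fixture (constructed): a pipe whose write end already holds `len` raw bytes of
   `msg`. No terminator is ever sent, just as a child process would write it.
   Returns the read end, or -1. The caller closes the returned descriptor. */
int pipe_with_payload(const char *msg, size_t len)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    if (write(fds[1], msg, len) != (ssize_t)len) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    close(fds[1]);                     /* writer is done: the reader sees EOF after the payload */
    return fds[0];
}

/* Read until EOF or until `cap` bytes are in `buf`. Returns the byte count, -1 on error.
   Nothing here writes a NUL into buf; that is the caller's job. */
static ssize_t read_all(int fd, char *buf, size_t cap)
{
    size_t got = 0;
    while (got < cap) {
        ssize_t r = read(fd, buf + got, cap - got);
        if (r < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (r == 0)                    /* EOF */
            break;
        got += (size_t)r;
    }
    return (ssize_t)got;
}

/* Vulnerable pattern (CWE-805): the received bytes are passed to "%s" with no terminator,
   so snprintf() scans past the n bytes actually read until it happens upon a NUL.
   To keep this demonstration in bounds, the receive buffer sits at the start of a larger
   region filled with 'X'; in real code the bytes after the buffer are whatever the stack
   holds, and the scan can run off the mapping and crash the process. */
int vulnerable_format(int fd, char *out, size_t outlen)
{
    char region[MSG_MAX + 8];
    memset(region, 'X', sizeof(region) - 1);
    region[sizeof(region) - 1] = '\0';  /* the only NUL; a real over-read has no such guarantee */

    ssize_t n = read_all(fd, region, MSG_MAX);
    if (n < 0)
        return -1;
    /* BUG: region[n] is never set to '\0' */
    return snprintf(out, outlen, "%s", region);   /* copies the filler after the message too */
}

/* Fix 1: reserve one extra byte and terminate at the count actually received. */
int fixed_format(int fd, char *out, size_t outlen)
{
    char buf[MSG_MAX + 1];
    ssize_t n = read_all(fd, buf, MSG_MAX);   /* at most MSG_MAX bytes, so buf[n] is in bounds */
    if (n < 0)
        return -1;
    buf[n] = '\0';
    return snprintf(out, outlen, "%s", buf);
}

/* Fix 2: keep the buffer as-is but bound the scan with a precision, so "%s" never
   looks beyond the n bytes that were read (no terminator needed). */
int fixed_format_precision(int fd, char *out, size_t outlen)
{
    char buf[MSG_MAX];
    ssize_t n = read_all(fd, buf, sizeof(buf));
    if (n < 0)
        return -1;
    return snprintf(out, outlen, "%.*s", (int)n, buf);
}

int main(void)
{
    char out[64];
    int fd = pipe_with_payload("hello", 5);
    if (fd < 0)
        return 1;
    int n = vulnerable_format(fd, out, sizeof(out));
    close(fd);
    printf("vulnerable: %d bytes formatted from a 5-byte message: %s\n", n, out);

    fd = pipe_with_payload("hello", 5);
    if (fd < 0)
        return 1;
    n = fixed_format(fd, out, sizeof(out));
    close(fd);
    printf("fixed:      %d bytes formatted: %s\n", n, out);
    return 0;
}
```

The vulnerable reader reports 39 formatted bytes for a 5-byte message: the 5 received bytes plus the 34 filler bytes that "%s" walked through before reaching a NUL. Both fixes report exactly 5, and the terminating fix still handles a message of the full MSG_MAX length and an empty message (writer closed without sending anything) correctly, which is why the spare byte is reserved outside the read limit rather than carved out of it.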

Affected Systems

Red Hat lists Red Hat Enterprise Linux 6, 7, 8, 9 and 10 and Red Hat OpenShift Container Platform 4 as tracked products. The flaw is only reachable on systems where SSSD passkey authentication is enabled, which requires an SSSD release that ships the passkey child (SSSD 2.9 and later); check the per-product status on the Red Hat CVE page rather than relying on the CPE list alone.

Risk and Exploitability

The CVSS 3.1 score is 5.5 (Medium), vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H: the attacker needs local access with an ordinary low-privileged account, no user interaction is required, and the only impact is availability of the SSSD PAM responder (no confidentiality or integrity loss). The EPSS score is below 1%, no public exploit code is known, and the vulnerability is not in the CISA KEV catalog, so exploitation in the wild is unlikely; even so, any local user who can start a passkey authentication can crash the responder and disrupt the authentication it handles.

Generated by OpenCVE AI on April 15, 2026 at 22:12 UTC.

Remediation

Vendor Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.


OpenCVE Recommended Actions

  • Apply the Red Hat update that corrects the SSSD PAM responder when it becomes available.
  • If a patch cannot be applied immediately, disable passkey authentication in SSSD on affected systems (the pam_passkey_auth option in the [pam] section of sssd.conf, see sssd.conf(5)) and restart sssd, so that the passkey code path in the PAM responder cannot be reached.
  • Limit which local accounts can log in to affected hosts (for example by restricting interactive and SSH access to trusted users), since any local account that can start an authentication through pam_sss.so can reach the passkey responder.

Generated by OpenCVE AI on April 15, 2026 at 22:12 UTC.

Advisories

No advisories yet.

History

Thu, 16 Apr 2026 09:30:00 +0000

Type: First Time appeared | Values Added: Redhat openshift Container Platform
Type: Vendors & Products | Values Added: Redhat openshift Container Platform

Thu, 16 Apr 2026 00:15:00 +0000

Type: References | (no values shown)
Type: Metrics threat_severity | Values Removed: None | Values Added: Moderate

Wed, 15 Apr 2026 21:15:00 +0000

Type: Metrics ssvc | Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 15 Apr 2026 19:00:00 +0000

Type: Description | Values Added: A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an out-of-bounds read when processed by functions like snprintf(). A local attacker could potentially trigger this vulnerability by initiating a crafted passkey authentication request, causing the SSSD PAM responder to crash, resulting in a local Denial of Service (DoS).
Type: Title | Values Added: Sssd: out-of-bounds read in the sssd
Type: First Time appeared | Values Added: Redhat; Redhat enterprise Linux; Redhat openshift
Type: Weaknesses | Values Added: CWE-805
Type: CPEs | Values Added: cpe:/a:redhat:openshift:4; cpe:/o:redhat:enterprise_linux:10; cpe:/o:redhat:enterprise_linux:6; cpe:/o:redhat:enterprise_linux:7; cpe:/o:redhat:enterprise_linux:8; cpe:/o:redhat:enterprise_linux:9
Type: Vendors & Products | Values Added: Redhat; Redhat enterprise Linux; Redhat openshift
Type: References | (no values shown)
Type: Metrics cvssV3_1 | Values Added: {'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-04-15T20:01:50.488Z

Reserved: 2026-04-13T17:31:43.481Z

Link: CVE-2026-6245

Vulnrichment

Updated: 2026-04-15T19:36:41.981Z

NVD

Status : Awaiting Analysis

Published: 2026-04-15T19:16:38.250

Modified: 2026-04-17T15:08:01.337

Link: CVE-2026-6245

Redhat

Severity : Moderate

Public Date: 2026-04-15T18:20:05Z

Links: CVE-2026-6245 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-16T09:12:25Z

Weaknesses