CVE-2024-10041 Vulnerability Details

CVE-2024-10041 Metadata Quick Info

CVE Published: 23/10/2024 | CVE Updated: 26/11/2024 | CVE Year: 2024
Source: redhat | Vendor: Red Hat | Product: Red Hat Enterprise Linux 8
Status: PUBLISHED

CVE-2024-10041 Description

A vulnerability was found in PAM. Secret information is stored in memory, and an attacker can trigger the victim program to execute by sending characters to its standard input (stdin). While this occurs, the attacker can train the branch predictor to speculatively execute a ROP chain. This flaw could result in leaked passwords, such as those found in /etc/shadow, while performing authentications.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-922
CWE Name: Insecure Storage of Sensitive Information
Source: Red Hat

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).