PAM-PKCS#11 could be used to bypass authentication.
Software Description:
- pam-pkcs11: Fully featured PAM module for using PKCS#11 smart cards
Details:
Marcus Rückert and Matthias Gerstner discovered that PAM-PKCS#11 did not
properly handle certain return codes when authentication was not possible.
An attacker could possibly use this issue to bypass authentication. This
issue only affected Ubuntu 24.04 LTS and Ubuntu 24.10. (CVE-2025-24531)
It was discovered that PAM-PKCS#11 did not require a private key signature
for authentication by default. An attacker could possibly use this issue
to bypass authentication. (CVE-2025-24032)
The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 libpam-pkcs11 0.6.12-2ubuntu0.24.10.1 Ubuntu 24.04 LTS libpam-pkcs11 0.6.12-2ubuntu0.24.04.1 Ubuntu 22.04 LTS libpam-pkcs11 0.6.11-4ubuntu0.1 Ubuntu 20.04 LTS libpam-pkcs11 0.6.11-2ubuntu0.1 Ubuntu 18.04 LTS libpam-pkcs11 0.6.9-2ubuntu0.1~esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS libpam-pkcs11 0.6.8-4ubuntu0.1~esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-7363-1
CVE-2025-24032, CVE-2025-24531
Get the latest Linux and open source security news straight to your inbox.