products / linux_pam

Linux-PAM

Linux-PAM is the pluggable authentication layer for virtually all Linux distributions — login, sudo, SSH, and desktop sessions. NVD tracks it as cpe:2.3:a:linux-pam:linux-pam. Example responses are illustrative.

api usage

Querying Linux-PAM

product sluglinux_pam

version format1.5.2, 1.7.0, semver

bash

curl "https://api.attestd.io/v1/check?product=linux_pam&version=1.5.2" \
  -H "Authorization: Bearer $ATTESTD_KEY"

json

{
  "product": "linux_pam",
  "version": "1.5.2",
  "supported": true,
  "risk_state": "high",
  "risk_factors": [
    "denial_of_service",
    "patch_available",
    "local_attack_surface"
  ],
  "actively_exploited": false,
  "remote_exploitable": false,
  "authentication_required": false,
  "patch_available": true,
  "fixed_version": "1.5.3",
  "confidence": 0.72,
  "cve_ids": ["CVE-2024-22365", "CVE-2024-10041"],
  "last_updated": "2026-05-13T18:00:00Z",
  "supply_chain": null
}

safe version

bash

curl "https://api.attestd.io/v1/check?product=linux_pam&version=1.7.0" \
  -H "Authorization: Bearer $ATTESTD_KEY"

notable cves

CVE history

CVE	Description	CVSS
`CVE-2024-22365`	Local denial of service via improper handling of lock files in pam_env/pam_faillock paths.	5.5
`CVE-2024-10041`	Memory exposure / mishandling in PAM modules (local impact class).	5.5

All products OpenSSH OpenLDAP Response Field Reference