CVE-2026-6245
Out-of-Bounds Read in SSSD PAM Causes Local DoS
Publication date: 2026-04-15
Last updated on: 2026-04-15
Assigner: Red Hat, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | system_security_services_daemon | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-805 | The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-6245 is a vulnerability in the System Security Services Daemon (SSSD) related to an out-of-bounds read error.
The flaw exists in the function pam_passkey_child_read_data() within the PAM passkey responder component of SSSD. This function improperly handles raw byte data received from a pipe by treating it as a NUL-terminated C string without ensuring explicit termination.
As a result, when functions such as snprintf() process this data, they may read beyond the intended buffer boundaries, causing an out-of-bounds read.
A local attacker can exploit this vulnerability by crafting a malicious passkey authentication request, which triggers the flaw and causes the SSSD PAM responder to crash.
This leads to a local Denial of Service (DoS) condition.
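As an added illustration for the flaw class described above (constructed for this page, not SSSD's code; the names child_data_is_terminated, read_child_data, format_response and pipe_roundtrip are hypothetical), the C below checks the precondition that snprintf("%s") silently relies on and shows a reader that always NUL-terminates data taken from a pipe:

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed illustration of the CWE-805 pattern; not SSSD code, names hypothetical. */

/* The bug class: bytes read from a pipe are handed to snprintf("%s") with no
 * guarantee a NUL lies within `len`. This only checks that precondition. */
bool child_data_is_terminated(const uint8_t *buf, size_t len) { return memchr(buf, '\0', len) != NULL; }

/* Hardened reader: at most cap-1 bytes, then an unconditional NUL, so any later
 * %s formatting stays inside `out`. Returns payload length or -1 on error. */
ssize_t read_child_data(int fd, char *out, size_t cap)
{
    size_t total = 0;
    if (cap == 0) return -1;
    while (total < cap - 1) {
        ssize_t n = read(fd, out + total, cap - 1 - total);
        if (n < 0) return -1;
        if (n == 0) break;                      /* writer closed: EOF */
        total += (size_t)n;
    }
    out[total] = '\0';
    return (ssize_t)total;
}

/* Consumer: terminator guaranteed by the reader, output bounded by snprintf. */
int format_response(const char *data, char *dst, size_t dstlen) { return snprintf(dst, dstlen, "passkey-data=%s", data); }

/* Demo: push n constructed bytes (no NUL) through a real pipe, read them with the
 * hardened reader, return stored length if NUL-terminated within cap, else -1. */
int pipe_roundtrip(const char *payload, size_t n, size_t cap)
{
    char out[64];
    int fds[2];
    if (cap > sizeof out || pipe(fds) != 0) return -1;
    ssize_t w = write(fds[1], payload, n);
    close(fds[1]);
    ssize_t got = (w == (ssize_t)n) ? read_child_data(fds[0], out, cap) : -1;
    close(fds[0]);
    if (got < 0 || !child_data_is_terminated((const uint8_t *)out, cap)) return -1;
    return (int)got;
}

int main(void)
{
    printf("stored %d of 10 bytes\n", pipe_roundtrip("0123456789", 10, 8));   /* prints 7 */
    return 0;
}
```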
How can this vulnerability impact me?
This vulnerability can be exploited by a local attacker to cause the System Security Services Daemon (SSSD) PAM responder to crash.
The impact of this crash is a local Denial of Service (DoS), which means legitimate users may be unable to authenticate or use services relying on SSSD during the crash.
Since the vulnerability requires local access and results in a DoS without compromising confidentiality or integrity, the impact is limited to availability disruption.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is triggered by a crafted passkey authentication request causing the SSSD PAM responder to crash locally. Detection involves monitoring for crashes or abnormal behavior of the sssd daemon related to PAM passkey authentication.
You can check system logs for crash reports or errors related to sssd or PAM authentication failures.
- Use journalctl to review recent sssd service logs: sudo journalctl -u sssd
- Check for core dumps or crash messages related to sssd in /var/log/messages or /var/log/syslog.
- Monitor PAM authentication logs for unusual passkey authentication failures: sudo grep pam_passkey /var/log/auth.log
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the System Security Services Daemon (SSSD) to a version where the flaw in pam_passkey_child_read_data() is fixed.
Until a patch is applied, restrict local user access to prevent untrusted users from initiating crafted passkey authentication requests that could trigger the crash.
Additionally, monitor the sssd service for crashes and restart it promptly if it stops.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability in CVE-2026-6245 causes a local Denial of Service (DoS) by crashing the System Security Services Daemon (SSSD) PAM responder through an out-of-bounds read. It does not involve unauthorized access, data leakage, or modification of data.
Because the vulnerability results only in a DoS condition without compromising confidentiality or integrity, it does not directly impact compliance with data protection standards such as GDPR or HIPAA, which primarily focus on protecting personal data privacy and security.
However, any service disruption caused by the DoS could indirectly affect availability requirements under these regulations, depending on the affected environment and criticality of the service.