CVE-2026-6245
Publication date 15 April 2026
Last updated 6 June 2026
Ubuntu priority
Description
A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Because the data is treated as a NUL-terminated C string without explicit termination, it results in an out-of-bounds read when processed by functions like snprintf(). A local attacker could potentially trigger this vulnerability by initiating a crafted passkey authentication request, causing the SSSD PAM responder to crash, resulting in a local Denial of Service (DoS).
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| sssd | 26.04 LTS resolute |
Fixed 2.12.0-1ubuntu5.1
|
| 25.10 questing |
Fixed 2.10.1-2ubuntu5.2
|
|
| 24.04 LTS noble |
Fixed 2.9.4-1.1ubuntu6.5
|
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
Notes
mdeslaur
introduced in 2.9.0 by: https://github.com/SSSD/sssd/commit/c76ba343b783718468a3a108346d424f9a70eb76
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
5.5 · Medium
|
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-8355-1
- SSSD vulnerability
- 1 June 2026