SUSE update for gdm

1) Configuration

EUVDB-ID: #VU111387

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2025-6018

CWE-ID: CWE-16 - Configuration

Exploit availability: Yes

Description

The issue may allow a local user to escalate privileges on the system.

The issue exists due an error in the PAM configuration of openSUSE Leap 15 and SUSE Linux Enterprise 15. An unprivileged user who logs in via sshd can force the pam_env module to add arbitrary variables to PAM's environment, leading to arbitrary code execution as root. 

Mitigation

Update the affected package gdm to the latest version.

Vulnerable software versions

SUSE Linux Enterprise High Performance Computing LTSS 15: SP4 - SP5

SUSE Linux Enterprise High Performance Computing ESPOS 15: SP4 - SP5

SUSE Linux Enterprise Server 15 SP5: LTSS

SUSE Linux Enterprise Server 15 SP4: LTSS

SUSE Linux Enterprise Server for SAP Applications 15: SP4 - SP5

SUSE Linux Enterprise Server 15: SP4 - SP5

SUSE Linux Enterprise High Performance Computing 15: SP4 - SP5

openSUSE Leap: 15.4

gdm-schema: before 41.3-150400.4.14.1

gdm-branding-upstream: before 41.3-150400.4.14.1

gdm-systemd: before 41.3-150400.4.14.1

gdmflexiserver: before 41.3-150400.4.14.1

gdm-lang: before 41.3-150400.4.14.1

libgdm1: before 41.3-150400.4.14.1

gdm-devel: before 41.3-150400.4.14.1

gdm-debuginfo: before 41.3-150400.4.14.1

libgdm1-debuginfo: before 41.3-150400.4.14.1

gdm: before 41.3-150400.4.14.1

gdm-debugsource: before 41.3-150400.4.14.1

typelib-1_0-Gdm-1_0: before 41.3-150400.4.14.1

CPE2.3

• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_ltss_15:SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_espos_15:SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp5:LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15_sp4:LTSS:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_for_sap_applications_15:SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_server_15:SP5:*:*:*:*:*:*:*
• cpe:2.3:o:suse:suse_linux_enterprise_high_performance_computing_15:SP4:*:*:*:*:*:*:*
• cpe:2.3:o:suse:opensuse_leap:15.4:*:*:*:*:*:*:*
• cpe:2.3:a:suse:gdm-schema:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:gdm-branding-upstream:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:gdm-systemd:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:gdmflexiserver:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:gdm-lang:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:libgdm1:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:gdm-devel:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:gdm-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:libgdm1-debuginfo:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:gdm:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:gdm-debugsource:*:*:*:*:*:suse_linux:*:*
• cpe:2.3:a:suse:typelib-1_0-gdm-1_0:*:*:*:*:*:suse_linux:*:*

External links

https://www.suse.com/support/update/announcement/2025/suse-su-202502004-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.