The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 34.6%