OpenSSH is affected by CVE-2023-51384 and CVE-2023-51385, both of which are resolved in version 9.6 and above. Is PAM impacted by these two vulnerabilities?
PAM is not impacted by either vulnerability for the following reasons.
For CVE-2023-51384, the vulnerable OpenSSH ssh-agent client code is not used within the PAM software.
For CVE-2023-51385, the vulnerable ProxyCommand component is disabled by default in OpenSSH, and PAM does not enable it.
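
The two conditions above (the OpenSSH version and whether ProxyCommand is enabled) can be checked on any host with an OpenSSH client. The following is an added example, not code from the vendor or from this article. The banner strings and the sample configuration are constructed, and treating `%h`, `%n` and `%r` as the tokens of interest is an assumption based on the tokens that ssh_config(5) lists for ProxyCommand.

```python
import re

FIXED = (9, 6)                      # release the page names as resolving both CVEs
NAME_TOKENS = ("%h", "%n", "%r")    # ProxyCommand tokens carrying a host or user name

# Constructed sample client configuration (not taken from any product).
SAMPLE_CONFIG = """\
Host *
    ServerAliveInterval 30
# ProxyCommand nc %h %p
Host jump-a
    ProxyCommand ssh -W %h:%p bastion.example
Host jump-b
    ProxyCommand=/usr/local/bin/connect fixed-host 22
Host direct
    ProxyCommand none
"""

def parse_version(banner):
    """Return (major, minor) from `ssh -V` output, e.g. 'OpenSSH_9.3p1, ...'."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    if m is None:
        raise ValueError("no OpenSSH version in banner")
    return int(m.group(1)), int(m.group(2))

def is_fixed(banner):
    """True when the reported upstream version is 9.6 or later."""
    return parse_version(banner) >= FIXED

def proxy_directives(config_text):
    """List (line_no, command, uses_name_token) for each active ProxyCommand."""
    found = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            continue
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        m = re.match(r"proxycommand(?:\s*=\s*|\s+)(.+)$", line, re.IGNORECASE)
        if m is None:
            continue
        command = m.group(1).strip().strip('"')
        if command.lower() == "none":      # "none" switches the feature off
            continue
        bare = command.replace("%%", "")   # "%%" is a literal percent sign
        found.append((no, command, any(t in bare for t in NAME_TOKENS)))
    return found

if __name__ == "__main__":
    print("fixed:", is_fixed("OpenSSH_9.3p1 Ubuntu-1ubuntu3"))
    for entry in proxy_directives(SAMPLE_CONFIG):
        print(entry)
```

An empty result from `proxy_directives` corresponds to the default state the article describes, in which ProxyCommand is not enabled.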