Getting an Unexpected DENY on SURROGATE USER.root acl

Article ID: 415529

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

Running the following command is denied:

sudo su - root

The audit shows the following for the denial:

09 Oct 2025 11:57:42 D SURROGATE    <user>    Read       69  2 USER.root            /sudo                s                  root
Event type: Resource access
Status: Denied
Class: SURROGATE
Resource: USER.root
Access: Read
User name: <user>
Terminal: s
Program: /sudo
Date: 09 Oct 2025
Time: 11:57
Details: No Step that allowed access
User Logon Session ID: 68e785e6:00015f64
Audit flags: AC database user
Effective user name: root

However, <user> is a member of a group that has read access to USER.root, and this had always worked until a recent upgrade.

In addition, the terminal name, 's', is shown with a wrong or truncated value. This is one example; other occurrences of this problem may show different terminal names, always incorrect.
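
To check how many audited events match this symptom, the following sketch filters verbose audit records for the same denial and lists the terminal name each one carries. It is an added example, not Broadcom code; it assumes the records were saved as text in the "Key: value" layout shown above, and the function names and the known_terminals parameter are hypothetical.

```python
import re

# Verbose audit records in the "Key: value" layout shown above, separated by
# blank lines. Record 1 is abbreviated from this article; 2 and 3 are constructed.
SAMPLE = """\
Status: Denied
Class: SURROGATE
Resource: USER.root
User name: <user>
Terminal: s
Program: /sudo
Details: No Step that allowed access

Status: Permitted
Class: SURROGATE
Resource: USER.root
User name: alice
Terminal: host01.example.com

Status: Denied
Class: FILE
Resource: /etc/shadow
Terminal: host01.example.com
Details: No Step that allowed access
"""

# Field values that identify the denial described in this article.
SIGNATURE = {"Status": "Denied", "Class": "SURROGATE", "Resource": "USER.root",
             "Details": "No Step that allowed access"}

def parse_records(text):
    """Split the text on blank lines and turn each block into a dict of fields."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (ln.split(":", 1) for ln in block.splitlines() if ":" in ln)
        records.append({k.strip(): v.strip() for k, v in pairs})
    return records

def matching_denials(text, known_terminals=()):
    """Return records matching SIGNATURE, each marked with whether its Terminal
    value is one the caller recognises (known_terminals is a hypothetical input)."""
    hits = []
    for rec in parse_records(text):
        if all(rec.get(k) == v for k, v in SIGNATURE.items()):
            hits.append({**rec, "terminal_recognised": rec.get("Terminal") in known_terminals})
    return hits

if __name__ == "__main__":
    for hit in matching_denials(SAMPLE, {"host01.example.com"}):
        print(hit["User name"], hit["Terminal"], hit["Program"], hit["terminal_recognised"])
```

Records that match the signature and carry a terminal name the site does not recognise are the ones to include when opening the support case.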

Environment

CA PAM 14.10.70 endpoint in Linux

Cause

This is a software defect for which SE has created a solution.

Resolution

SE has created a series of patches (for instance acpatch-DE645522-14.10.70.116-_LINUX_X64.zip) for different builds of PAM SC 14.10.70.

Please open a case with Broadcom support to obtain the relevant patch.