Description
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisks_drive_get_serial(), udisks_drive_get_vendor(), and udisks_drive_get_model() directly to strcmp() without NULL checks. The GIO/UDisks API documentation states these accessors can return NULL for devices that do not expose the corresponding field. Passing NULL to strcmp() is undefined behaviour (typically a SIGSEGV). This vulnerability is fixed in 0.8.7.
Published: 2026-05-27
Score: 4.6 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

pam_usb, a Linux PAM module that uses removable media for authentication, allows a NULL pointer dereference when udisks_drive_get_serial(), udisks_drive_get_vendor(), or udisks_drive_get_model() returns NULL. The returned NULL is passed directly to strcmp() without checking, leading to SIGSEGV and a PAM crash. The crash prevents the authentication stack from completing, effectively denying a user from logging in for that session.

Affected Systems

The vulnerability affects the mcdope pam_usb product in all releases before version 0.8.7. No other vendors or products are listed as affected.

Risk and Exploitability

The CVSS score of 4.6 classifies this as a moderate severity issue. EPSS data is not available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local: an attacker who can insert a USB device or emulate one can trigger the crash during a user’s authentication attempt, causing a brief denial-of-service. No remote code execution or privilege escalation is described in the CVE.

Generated by OpenCVE AI on May 27, 2026 at 22:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade pam_usb to version 0.8.7 or later
  • If upgrading is not immediately possible, remove or comment out pam_usb from the system’s PAM configuration files to prevent the module from loading during authentication
  • Continuously monitor authentication logs for segmentation faults or PAM crashes that might indicate exploitation attempts

Generated by OpenCVE AI on May 27, 2026 at 22:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 27 May 2026 21:00:00 +0000

Type Values Removed Values Added
Description pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisks_drive_get_serial(), udisks_drive_get_vendor(), and udisks_drive_get_model() directly to strcmp() without NULL checks. The GIO/UDisks API documentation states these accessors can return NULL for devices that do not expose the corresponding field. Passing NULL to strcmp() is undefined behaviour (typically a SIGSEGV). This vulnerability is fixed in 0.8.7.
Title pam_usb: NULL pointer dereference from UDisks device fields causes PAM crash and login denial-of-service
Weaknesses CWE-476
References
Metrics cvssV3_1

{'score': 4.6, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-27T20:19:35.374Z

Reserved: 2026-05-07T17:07:09.318Z

Link: CVE-2026-44710

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-27T21:16:17.947

Modified: 2026-05-27T21:16:17.947

Link: CVE-2026-44710

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-27T22:30:35Z

Weaknesses