Impact
pam_usb is a Linux PAM module that authenticates users using removable media. In versions 0.9.1 and earlier, the function pusb_is_loginctl_local can dereference a NULL pointer when loginctl output contains an empty Remote field. This results in a segmentation fault that terminates the PAM module, and depending on the PAM stack configuration, can deny authentication for all users of the affected service. The vulnerability is a classic NULL pointer dereference (CWE‑476) and can lead to a denial of service on the system.
Affected Systems
Vendors: mcdope provides the pam_usb package. Affected versions are 0.9.1 and all earlier releases. The vulnerability applies to Linux installations that use pam_usb for authentication, such as systems with PAM stacks configured to load the module for login, SSH, sudo, or other privileged services.
Risk and Exploitability
The CVSS score of 5.5 indicates a moderate severity. The EPSS score is not available, and the vulnerability is not listed in CISA KEV. The likely attack vector is local: an authenticated or unauthenticated user who initiates an authentication session using pam_usb can trigger the crash by providing removable media that causes loginctl to output an empty Remote field. A successful crash would suspend the authentication process, potentially denying service to all users of the affected PAM service. No privileged escalation is required; the impact is limited to denial of service.
OpenCVE Enrichment