SecuriTricks - CVE-2026-48985

Description

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, pusb_is_loginctl_local() can cause a NULL dereference crash when parsing loginctl output. The function calls popen() and reads the result; if the Remote field is only a newline, fgets() succeeds but strtok_r(buf, "\n", &saveptr) returns NULL. A subsequent strcmp(is_remote, "no") then dereferences NULL, causing undefined behavior (typically SIGSEGV) and crashing the PAM module. This can crash the authenticating process (e.g., sudo, login) and, depending on PAM stack configuration, deny access for all users of the affected service. This issue has been fixed in version 0.9.2.

Product(s) Impacted

Vendor	Product	Versions
Pam Usb	Pam Usb	0.9.1, <0.9.2

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-476

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	pam_usb	pam_usb	0.9.1	/	/	/	/	/	/	/
a	pam_usb	pam_usb	<0.9.2	/	/	/	/	/	/

References

https://github.com/mcdope/pam_usb/releases/tag/0.9.2

https://github.com/mcdope/pam_usb/security/advisories/GHSA-7j6h-wfc2-mg5q

CVSS Score

5.5 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

View Vector String

Timeline

Published: June 18, 2026, 6:16 p.m.
Last Modified: June 18, 2026, 8:16 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-48985