CVE-2026-48985 | pam_usb provides hardware authentication for Linux using ord… | CVSS 5.5 MEDIUM

Description

pam_usb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, pusb_is_loginctl_local() can cause a NULL dereference crash when parsing loginctl output. The function calls popen() and reads the result; if the Remote field is only a newline, fgets() succeeds but strtok_r(buf, "\n", &saveptr) returns NULL. A subsequent strcmp(is_remote, "no") then dereferences NULL, causing undefined behavior (typically SIGSEGV) and crashing the PAM module. This can crash the authenticating process (e.g., sudo, login) and, depending on PAM stack configuration, deny access for all users of the affected service. This issue has been fixed in version 0.9.2.

Metadata

CVE ID: CVE-2026-48985
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-05-26 23:26 UTC
Published: 2026-06-18 17:30 UTC
Last updated: 2026-06-18 19:13 UTC
Primary CWE: CWE-476
CWE-476: NULL Pointer Dereference
Vendor / Product: mcdope / pam_usb
Sources: cve.org · NVD

Severity & Metrics

5.5 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
mcdope	pam_usb	—	< 0.9.2

Weakness (CWE)

CWE	Source	Description
CWE-476	cna	CWE-476: NULL Pointer Dereference

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.5	MEDIUM	3.1	cna	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (2)

https://github.com/mcdope/pam_usb/security/advisories/GHSA-7j6h-wfc2-mg5q https://github.com/mcdope/pam_usb/security/advisories/GHSA-7j6h-wfc2-mg5q
https://github.com/mcdope/pam_usb/releases/tag/0.9.2 https://github.com/mcdope/pam_usb/releases/tag/0.9.2