CVE-2026-44710
Deferred Deferred - Pending Action
Heap-based Buffer Overflow in pam_usb

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: GitHub, Inc.

Description
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisks_drive_get_serial(), udisks_drive_get_vendor(), and udisks_drive_get_model() directly to strcmp() without NULL checks. The GIO/UDisks API documentation states these accessors can return NULL for devices that do not expose the corresponding field. Passing NULL to strcmp() is undefined behaviour (typically a SIGSEGV). This vulnerability is fixed in 0.8.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-27
Last Modified
2026-05-27
Generated
2026-06-17
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-44710
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pam_usb pam_usb to 0.8.7 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in pam_usb versions prior to 0.8.7, where the code in src/device.c calls the strcmp() function with return values from udisks_drive_get_serial(), udisks_drive_get_vendor(), and udisks_drive_get_model() without checking if these values are NULL.

According to the GIO/UDisks API documentation, these functions can return NULL if the device does not expose the corresponding field. Passing NULL to strcmp() causes undefined behavior, which typically results in a segmentation fault (SIGSEGV).

This means that the software can crash or behave unexpectedly when handling certain removable media devices.

Impact Analysis

This vulnerability can cause the pam_usb authentication process to crash or terminate unexpectedly when it encounters removable media devices that do not provide certain device information fields.

Such crashes can lead to denial of service (DoS) conditions, potentially preventing legitimate users from authenticating using hardware tokens.

Since the vulnerability does not affect confidentiality or integrity, the main impact is availability disruption.

Compliance Impact

The provided information does not specify any impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Mitigation Strategies

To mitigate this vulnerability, upgrade pam_usb to version 0.8.7 or later, where the issue has been fixed.

Detection Guidance

This vulnerability causes the pam_usb module to crash with a NULL pointer dereference when it encounters USB devices that do not expose serial, vendor, or model fields via UDisks. Detection can focus on identifying crashes or authentication failures related to pam_usb when USB devices are connected.

To detect this issue on your system, monitor system logs for pam_usb crashes or authentication failures after plugging in USB devices.

Suggested commands include:

  • Check system logs for pam_usb errors or crashes: `journalctl -xe | grep pam_usb`
  • Manually test authentication with pam_usb after inserting USB devices that might lack serial/vendor/model fields.
  • Use `udisksctl info -b /dev/sdX` (replace /dev/sdX with your USB device) to check if serial, vendor, or model fields are missing or NULL.

If pam_usb crashes or authentication fails when such devices are connected, the system is likely vulnerable.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44710. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart