CVE-2026-47271
NULL Pointer Dereference in pam_usb PAM Module
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mcdope | pam_usb | 0.9.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in pam_usb, a Linux hardware authentication module that uses removable media. Before version 0.9.0, the code used assert() statements to guard against out-of-memory conditions in memory allocation functions like xmalloc(), xrealloc(), and xstrdup(). However, when the software is built with NDEBUG defined (common in release builds), these assert() checks are removed, causing the functions to return NULL silently on allocation failure.
Since the code does not check for NULL return values and directly dereferences them, any memory allocation failure leads to a NULL pointer dereference, crashing the PAM module. This crash causes authentication failures in services like sudo or login, resulting in a local denial-of-service condition.
An attacker who can create memory pressure during authentication can exploit this to lock users out of sudo and login. The issue is fixed in version 0.9.0.
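The pattern described above, shown as an added example (not pam_usb's own code): an allocator whose only guard is assert(), which disappears under -DNDEBUG, beside a hardened allocator whose NULL check survives release builds and whose caller fails with an error code instead of dereferencing NULL. The allocation hook, the function names and the RESULT_* codes are assumptions made so the failure can be simulated deterministically without real memory pressure or a PAM dependency.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allocation hook (assumption): lets a test force a NULL return. */
static void *(*alloc_hook)(size_t) = malloc;

/* Constructed stand-ins for PAM result codes; avoids <security/pam_modules.h>. */
enum { RESULT_SUCCESS = 0, RESULT_AUTH_ERR = 1 };

/* Vulnerable pattern: assert() is the only guard. With NDEBUG defined the
 * assert is compiled out and a failed allocation silently returns NULL. */
static void *xmalloc_assert_guarded(size_t size)
{
    void *ptr = alloc_hook(size);
    assert(ptr != NULL);
    return ptr;
}

/* Hardened pattern: the check is ordinary code, so it survives NDEBUG.
 * The caller is responsible for handling a NULL result. */
static void *xmalloc_checked(size_t size)
{
    void *ptr = alloc_hook(size);
    if (ptr == NULL)
        fprintf(stderr, "pam_usb: out of memory allocating %zu bytes\n", size);
    return ptr;
}

/* Vulnerable caller: writes through the pointer unconditionally. Under NDEBUG
 * with a failed allocation, path[0] = '\0' is the NULL pointer dereference. */
static int build_path_unchecked(const char *dir, const char *name, char **out)
{
    size_t len = strlen(dir) + 1 + strlen(name) + 1;
    char *path = xmalloc_assert_guarded(len);
    path[0] = '\0';
    snprintf(path, len, "%s/%s", dir, name);
    *out = path;
    return RESULT_SUCCESS;
}

/* Hardened caller: on allocation failure it returns an error code so the
 * module denies authentication cleanly instead of crashing the PAM stack. */
static int build_path_checked(const char *dir, const char *name, char **out)
{
    size_t len = strlen(dir) + 1 + strlen(name) + 1;
    char *path = xmalloc_checked(len);
    *out = NULL;
    if (path == NULL)
        return RESULT_AUTH_ERR;
    snprintf(path, len, "%s/%s", dir, name);
    *out = path;
    return RESULT_SUCCESS;
}

/* Test helpers: swap the allocator for one that always fails. */
static void *failing_alloc(size_t size) { (void)size; return NULL; }
static void set_alloc_failure(int fail) { alloc_hook = fail ? failing_alloc : malloc; }

int main(void)
{
    char *p = NULL;
    set_alloc_failure(0);
    build_path_unchecked("/media", "usb", &p);
    printf("unchecked, allocation ok: %s\n", p);
    free(p);

    set_alloc_failure(1);
    int rc = build_path_checked("/media", "usb", &p);
    printf("checked, allocation failed: rc=%d out=%p\n", rc, (void *)p);
    set_alloc_failure(0);
    return 0;
}
```

The unchecked caller is only exercised with a working allocator here; under -DNDEBUG with the failing hook it would crash exactly as the advisory describes, while the checked caller returns RESULT_AUTH_ERR and leaves *out NULL.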
How can this vulnerability impact me?
This vulnerability can cause a local denial-of-service condition by crashing the PAM module responsible for authentication.
If exploited, an attacker able to induce memory pressure during authentication can cause authentication failures in sudo and login, effectively locking all users out of these critical services.
This means legitimate users may be unable to authenticate or gain elevated privileges, disrupting normal system operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade pam_usb to version 0.9.0 or later, where the issue is fixed.
Until the upgrade can be applied, avoid inducing memory pressure during authentication to prevent triggering the denial-of-service condition.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability causes a local denial-of-service condition by crashing the PAM module during authentication, which can lock users out of sudo and login. While this impacts system availability, there is no direct information indicating that it leads to unauthorized data access or disclosure.
Since the vulnerability primarily affects authentication availability and does not mention data breaches or privacy violations, its impact on compliance with standards like GDPR or HIPAA is indirect and limited to potential service disruption.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability causes the pam_usb PAM module to crash during authentication when memory allocation fails, resulting in denial of service for sudo and login processes.
To detect this vulnerability on your system, you can check the version of pam_usb installed and verify if it is prior to version 0.9.0, as the issue is fixed in 0.9.0.
You can also monitor system logs for authentication failures or crashes related to pam_usb during sudo or login attempts.
Suggested commands include:
- Check pam_usb version: `pam_usb --version` or check package version via your package manager, e.g., `dpkg -l | grep pam_usb` or `rpm -q pam_usb`.
- Search system logs for pam_usb errors or crashes: `journalctl -xe | grep pam_usb` or `grep pam_usb /var/log/auth.log`.
- Attempt authentication using sudo or login and observe if failures or crashes occur unexpectedly.
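An added helper script (not part of the advisory) that turns the two detection steps above into checks: a version triage function that flags anything older than 0.9.0, and a log scan that counts pam_usb lines carrying crash or failure indicators. The sample log lines are constructed; a NULL pointer dereference typically appears in the kernel log as "segfault at 0", which is the signal the scan looks for alongside the module's failure messages.

```shell
#!/bin/sh
# is_vulnerable_version VERSION -> exit 0 if VERSION sorts before 0.9.0
is_vulnerable_version() {
    v="$1"
    first=$(printf '%s\n%s\n' "$v" "0.9.0" | sort -V | head -n1)
    [ "$first" = "$v" ] && [ "$v" != "0.9.0" ]
}

# Read a log on stdin and print the number of pam_usb lines that carry a
# crash or failure indicator. grep -c prints 0 on no match but exits 1,
# so the trailing || true keeps the count usable under set -e.
scan_pam_usb_crashes() {
    grep -E 'pam_usb' | grep -Ec 'segfault|denied|failure|error' || true
}

# Constructed sample log (not captured from a real system).
sample_log() {
    cat <<'EOF'
May 27 10:01:02 host sudo[1234]: pam_usb: Authentication request for user "alice" (sudo)
May 27 10:01:02 host kernel: sudo[1234]: segfault at 0 ip 00007f0000001234 sp 00007ffc00000000 error 4 in pam_usb.so[7f0000000000+5000]
May 27 10:01:03 host sudo[1234]: pam_unix(sudo:auth): authentication failure; logname=alice
May 27 10:01:05 host login[2345]: pam_usb: Access denied!
EOF
}

# Live usage: version from the package manager, log from journalctl.
# ver=$(dpkg-query -W -f='${Version}' pam-usb 2>/dev/null || rpm -q --qf '%{VERSION}' pam_usb)
# is_vulnerable_version "$ver" && echo "pam_usb $ver is affected; upgrade to 0.9.0"
# journalctl -k -u sudo -u login --no-pager | scan_pam_usb_crashes
is_vulnerable_version 0.8.3 && echo "0.8.3: affected"
is_vulnerable_version 0.9.0 || echo "0.9.0: fixed"
echo "suspicious pam_usb lines in sample log: $(sample_log | scan_pam_usb_crashes)"
```

The dpkg/rpm package names in the commented usage lines are assumptions; substitute the name your distribution uses.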