CVE-2026-48982
Status: Received - Intake
Race Condition in pam_usb One-Time Pad Update

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: GitHub, Inc.

Description
pam_usb provides hardware authentication for Linux using ordinary removable media. In versions prior to 0.9.2, when updating a one-time pad file, a temporary file is created using open() without the O_EXCL flag. Without O_EXCL, the create operation is not atomic: two concurrent processes racing to update the same pad may both succeed in opening the file, with the second write silently overwriting the first. The one-time pad is the core replay-prevention mechanism of pam_usb. A successful race could result in the stored pad value diverging from what either process expected, potentially causing authentication failures or, in a precisely timed attack, creating a window for pad reuse. This issue has been fixed in version 0.9.2.
Meta Information
Generated: 2026-06-19
AI Q&A generated: 2026-06-18
EPSS evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: mcdope | Product: pam_usb | Version / Range: all versions before 0.9.2 (0.9.2 excluded)
CWE
CWE-362: The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
AI Quick Actions (instant insights powered by AI)
Executive Summary

CVE-2026-48982 is a race condition vulnerability in the pam_usb software, specifically in versions prior to 0.9.2. The issue occurs when updating a one-time pad file used for hardware authentication on Linux. The temporary file for the update is created without the O_EXCL flag, making the file creation non-atomic. This allows two concurrent processes to open and write to the same file simultaneously, with the second write potentially overwriting the first.

Since the one-time pad is essential for preventing replay attacks in pam_usb, this race condition can cause the stored pad value to diverge from what either process expects. This may lead to authentication failures or, with precise timing, allow a one-time pad value to be reused, undermining the replay-prevention mechanism.

The vulnerability was fixed in version 0.9.2 by ensuring atomic file creation using the O_EXCL flag or mkstemp().

Impact Analysis

The direct impact of this vulnerability is authentication failures caused by the one-time pad value becoming inconsistent. In the worst case, a carefully timed attack could exploit the race condition to reuse a one-time pad value, potentially allowing unauthorized access by bypassing the replay-prevention mechanism.

The primary impact is on data integrity, as the one-time pad may be corrupted or reused. There may also be low impacts on confidentiality and availability, but the main concern is the reliability of the authentication process.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade pam_usb to version 0.9.2 or later, where the issue has been fixed by ensuring atomic creation of the temporary file using the O_EXCL flag or mkstemp().

This update removes the race condition by making creation of the temporary file atomic: with O_EXCL (or mkstemp(), which uses it internally) a second concurrent updater fails with EEXIST instead of silently sharing the file, so the pad can no longer be corrupted or reused through this window.
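The description and the mitigation above both turn on the same point: creation of the temporary pad file must be atomic. The C program below is an added example, not pam_usb's own code and not the 0.9.2 fix, that puts the racy open() pattern (O_CREAT without O_EXCL) next to the exclusive pattern (O_CREAT|O_EXCL), and then shows an update routine built on mkstemp() plus rename() so a reader of the pad file only ever sees the old value or the complete new one. The function names, the scratch directory under /tmp and the pad contents are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Racy pattern (illustrative, not pam_usb's code): O_CREAT without O_EXCL.
 * If tmp_path already exists because a concurrent updater created it, this
 * call still succeeds, and whichever process writes last wins silently. */
int open_pad_tmp_racy(const char *tmp_path) {
    return open(tmp_path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Exclusive pattern: O_CREAT|O_EXCL makes the create atomic. A second
 * concurrent creator gets -1 with errno == EEXIST instead of a shared file. */
int open_pad_tmp_exclusive(const char *tmp_path) {
    return open(tmp_path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Write all of buf, retrying on short writes and EINTR. */
static int write_all(int fd, const char *buf, size_t len) {
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) { if (errno == EINTR) continue; return -1; }
        buf += n; len -= (size_t)n;
    }
    return 0;
}

/* Replace the pad atomically: mkstemp() creates a unique temp file in the
 * pad's directory (it uses O_EXCL internally), the new value is written and
 * fsync'd, then rename() moves it over the pad in one step. On any failure
 * the temp file is removed and the old pad is left untouched. */
int update_pad_atomic(const char *pad_path, const char *pad, size_t len) {
    char tmpl[PATH_MAX];
    if (snprintf(tmpl, sizeof tmpl, "%s.XXXXXX", pad_path) >= (int)sizeof tmpl)
        return -1;
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    int ok = write_all(fd, pad, len) == 0 && fsync(fd) == 0;
    if (close(fd) != 0) ok = 0;
    if (!ok || rename(tmpl, pad_path) != 0) { unlink(tmpl); return -1; }
    return 0;
}

/* Read the current pad value; returns bytes read or -1. */
ssize_t read_pad(const char *pad_path, char *buf, size_t cap) {
    int fd = open(pad_path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, cap);
    close(fd);
    return n;
}

/* Self-test in a constructed scratch directory. Returns 0 on success or the
 * number of the failing step. Steps 6-8 replay the race on a fixed temp
 * name: once a first updater holds it, the exclusive open fails with EEXIST
 * while the racy open happily succeeds. */
int pad_selftest(void) {
    char dir[] = "/tmp/pad_demo.XXXXXX";   /* constructed scratch directory */
    if (mkdtemp(dir) == NULL) return 1;
    char pad_path[PATH_MAX], tmp[PATH_MAX], buf[64];
    snprintf(pad_path, sizeof pad_path, "%s/pad", dir);
    snprintf(tmp, sizeof tmp, "%s/pad.tmp", dir);
    int rc = 0;

    if (update_pad_atomic(pad_path, "pad-v1", 6) != 0) rc = 2;
    else if (read_pad(pad_path, buf, sizeof buf) != 6 || memcmp(buf, "pad-v1", 6) != 0) rc = 3;
    else if (update_pad_atomic(pad_path, "pad-v2", 6) != 0) rc = 4;
    else if (read_pad(pad_path, buf, sizeof buf) != 6 || memcmp(buf, "pad-v2", 6) != 0) rc = 5;
    else {
        int first = open_pad_tmp_exclusive(tmp);      /* first updater wins */
        if (first < 0) rc = 6;
        else {
            close(first);
            int second = open_pad_tmp_exclusive(tmp); /* second one must fail */
            if (second >= 0 || errno != EEXIST) { if (second >= 0) close(second); rc = 7; }
            else {
                int racy = open_pad_tmp_racy(tmp);    /* the vulnerable pattern does not */
                if (racy < 0) rc = 8; else close(racy);
            }
            unlink(tmp);
        }
    }
    unlink(pad_path);
    rmdir(dir);
    return rc;
}

int main(void) {
    int rc = pad_selftest();
    printf("pad_selftest: %s (step %d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```

Build with `cc -Wall -o pad_demo pad_demo.c && ./pad_demo`; a clean run prints "pad_selftest: ok (step 0)". The temp file is created in the pad's own directory on purpose: rename() is only atomic within one filesystem, so a temp file under /tmp could not be renamed over a pad stored elsewhere.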

Compliance Impact

The vulnerability in pam_usb primarily impacts data integrity by allowing a race condition that can cause authentication failures or pad reuse. While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the potential for authentication failures and data integrity issues could indirectly affect compliance with these regulations, which require strong authentication and data protection controls.

However, there is no direct information provided about how this vulnerability specifically affects compliance with common standards and regulations.
