CVE-2026-48985

Source
https://cve.org/CVERecord?id=CVE-2026-48985
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-48985.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-48985
Aliases
  • GHSA-7j6h-wfc2-mg5q
Published
2026-06-18T17:30:31.873Z
Modified
2026-07-08T08:12:35.085177824Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
pam_usb: NULL Dereference Crash in pusb_is_loginctl_local when loginctl Returns Empty Remote Field
Details

pamusb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, pusbisloginctllocal() can cause a NULL dereference crash when parsing loginctl output. The function calls popen() and reads the result; if the Remote field is only a newline, fgets() succeeds but strtokr(buf, "\n", &saveptr) returns NULL. A subsequent strcmp(isremote, "no") then dereferences NULL, causing undefined behavior (typically SIGSEGV) and crashing the PAM module. This can crash the authenticating process (e.g., sudo, login) and, depending on PAM stack configuration, deny access for all users of the affected service. This issue has been fixed in version 0.9.2.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/48xxx/CVE-2026-48985.json",
    "cwe_ids": [
        "CWE-476"
    ],
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/mcdope/pam_usb

Affected ranges

Type
GIT
Repo
https://github.com/mcdope/pam_usb
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.9.2"
        }
    ]
}

Affected versions

0.*
0.5.0
0.7.1
0.7.2
0.7.3
0.8.3
0.8.4
0.8.7
0.9.0
0.9.1
v0.*
v0.7.0
v0.8.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-48985.json"