CVE-2026-44710: CWE-476: NULL Pointer Dereference in mcdope pam_usb
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisks_drive_get_serial(), udisks_drive_get_vendor(), and udisks_drive_get_model() directly to strcmp() without NULL checks. The GIO/UDisks API documentation states these accessors can return NULL for devices that do not expose the corresponding field. Passing NULL to strcmp() is undefined behaviour (typically a SIGSEGV). This vulnerability is fixed in 0.8.7.
AI Analysis (machine-generated threat intelligence)
Technical Summary
pam_usb, a Linux hardware authentication module using removable media, had a NULL pointer dereference vulnerability (CWE-476) in versions before 0.8.7. Specifically, in src/device.c, the return values of udisks_drive_get_serial(), udisks_drive_get_vendor(), and udisks_drive_get_model() were passed directly to strcmp() without NULL checks. According to GIO/UDisks API documentation, these functions can return NULL if the device does not expose the respective field. Passing NULL to strcmp() leads to undefined behavior, typically causing a segmentation fault (SIGSEGV). This vulnerability results in a denial of service condition. The vulnerability is resolved in version 0.8.7.
Potential Impact
The vulnerability causes a denial of service by crashing the pam_usb authentication process when NULL pointers are passed to strcmp(). There is no impact on confidentiality or integrity. The CVSS v3.1 base score is 4.6 (medium severity), reflecting the local attack vector and lack of confidentiality or integrity impact.
Mitigation Recommendations
Upgrade pam_usb to version 0.8.7 or later, where the NULL pointer dereference issue is fixed. No other mitigation is indicated or required.
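As an added illustration (not code from pam_usb or from the advisory), the pre-0.8.7 pattern the description above refers to is shown next to a NULL-safe form. The UDisks drive object is replaced by a constructed, hypothetical `struct fake_drive` with accessor stubs, since the real `udisks_drive_get_*` functions are not linked here; the sample devices are constructed too.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a UDisks drive object (hypothetical; the real
 * udisks_drive_get_serial/_vendor/_model accessors are not linked here).
 * Any field may be NULL, which is exactly the case the advisory describes. */
struct fake_drive {
    const char *serial;
    const char *vendor;
    const char *model;
};

static const char *fake_get_serial(const struct fake_drive *d) { return d->serial; }
static const char *fake_get_vendor(const struct fake_drive *d) { return d->vendor; }
static const char *fake_get_model(const struct fake_drive *d)  { return d->model; }

/* Shape of the pre-0.8.7 bug as the advisory describes it: the accessor
 * results go straight into strcmp(). With a NULL field this is undefined
 * behaviour (in practice a SIGSEGV in the PAM module). Illustration only. */
int drive_matches_unsafe(const struct fake_drive *d, const char *serial,
                         const char *vendor, const char *model)
{
    return strcmp(fake_get_serial(d), serial) == 0 &&
           strcmp(fake_get_vendor(d), vendor) == 0 &&
           strcmp(fake_get_model(d), model) == 0;
}

/* NULL-safe equality: a missing field never equals a configured value, so
 * a device that lacks a serial is rejected instead of crashing the caller. */
int str_eq_nullsafe(const char *a, const char *b)
{
    if (a == NULL || b == NULL)
        return 0;
    return strcmp(a, b) == 0;
}

/* Hardened form: fails closed (no match) when any field is absent. */
int drive_matches(const struct fake_drive *d, const char *serial,
                  const char *vendor, const char *model)
{
    return str_eq_nullsafe(fake_get_serial(d), serial) &&
           str_eq_nullsafe(fake_get_vendor(d), vendor) &&
           str_eq_nullsafe(fake_get_model(d), model);
}

/* Constructed sample devices: one complete, one that exposes no serial. */
const struct fake_drive sample_full      = { "SN0001", "ExampleVendor", "ExampleModel" };
const struct fake_drive sample_no_serial = { NULL,     "ExampleVendor", "ExampleModel" };
```

Failing closed on a missing field is the conservative choice for an authentication module: a device the configuration cannot fully identify should be treated as not matching rather than as a reason to crash.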
CVSS v3.1 score: 4.6 (medium)
Weaknesses: CWE-476: NULL Pointer Dereference
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-05-07T17:07:09.318Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a175c27e29bf47b50eb6089
Added to database: 5/27/2026, 9:03:35 PM
Last enriched: 5/27/2026, 9:34:12 PM
Last updated: 5/29/2026, 2:58:04 PM