CVE-2026-48986
MediumCVSS 4.7Summary
In pam_usb versions 0.9.1 and earlier, a bug can lead to an infinite loop DoS due to improper initialization of the *ppid variable. In the pusb_local_login() function, the same variable is reused as input and output in a loop, which can cause the authenticating process to hang.
Risk Assessment
Organizations may experience the blocking of authentication processes such as sudo, sshd, or login, leading to service availability disruptions. In the event of an attack, these processes may require forced termination, impacting system stability.
Recommendation
It is recommended to upgrade to pam_usb version 0.9.2 or later to mitigate this vulnerability. Additionally, monitoring authentication processes can help in quickly identifying issues.
Original NVD description (English source)
pam_usb provides hardware authentication for Linux using removable media. In pam_usb 0.9.1 and earlier, usb_get_process_parent_id() can cause an infinite loop DoS because it does not initialize *ppid on failure. In pusb_local_login(), the same variable is reused as input and output in a process-tree while loop; if /proc/<pid>/stat cannot be read (for example, when an ancestor process exits during authentication), the PID is not updated and the loop does not terminate. This hangs the authenticating process (such as sudo, sshd, or login) until it is forcibly terminated. This issue has been fixed in version 0.9.2.

