Local Denial of Service in pam_usb Authentication Module for Linux
CVE-2026-47271

5.1 MEDIUM

Key Information:

Vendor

Mcdope

Status
Vendor
CVE Published:
27 May 2026

What is CVE-2026-47271?

The pam_usb authentication module for Linux is vulnerable to a local denial of service because it mishandles memory allocation failures. Versions prior to 0.9.0 lacked adequate guards against NULL pointer dereferences when an allocation failed. In that case the module crashed, and authentication failed for users who rely on the PAM module for login and sudo. An attacker can use this to lock users out of critical system features by inducing memory pressure. The vulnerability is mitigated in version 0.9.0.
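The failure mode described above, as an added example that is not pam_usb's own code: a hypothetical `build_ctx` helper checks both of its allocations before use, and a fault-injecting allocator (`faulty_malloc`, also hypothetical) fails each allocation in turn to confirm that the error path returns a code instead of dereferencing NULL. All names, the result codes and the `alice` / `SN123` inputs are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result codes, modelled on PAM's success / buffer-error split. */
enum { AUTH_OK = 0, AUTH_BUF_ERR = 1 };

struct device_ctx { char *key; size_t len; };

/* Fault injection: fails once fail_after calls have succeeded; -1 = never fail. */
static int fail_after = -1;
static void *faulty_malloc(size_t n) {
    if (fail_after == 0) return NULL;
    if (fail_after > 0) fail_after--;
    return malloc(n);
}

/* Builds a "<user>:<serial>" key; every allocation is checked before use. */
static int build_ctx(const char *user, const char *serial, struct device_ctx **out) {
    *out = NULL;
    size_t ulen = strlen(user), slen = strlen(serial);
    struct device_ctx *ctx = faulty_malloc(sizeof *ctx);
    if (ctx == NULL) return AUTH_BUF_ERR;   /* unguarded, ctx->key below would crash */
    ctx->key = faulty_malloc(ulen + slen + 2);
    if (ctx->key == NULL) { free(ctx); return AUTH_BUF_ERR; }  /* no leak, no NULL write */
    memcpy(ctx->key, user, ulen);
    ctx->key[ulen] = ':';
    memcpy(ctx->key + ulen + 1, serial, slen + 1);  /* copies the terminating NUL too */
    ctx->len = ulen + slen + 1;
    *out = ctx;
    return AUTH_OK;
}

/* Fails each allocation in turn; returns the number of clean error returns, -1 on a bad one. */
static int sweep_alloc_failures(void) {
    int clean = 0;
    for (int i = 0; ; i++) {
        struct device_ctx *ctx = NULL;
        fail_after = i;
        int rc = build_ctx("alice", "SN123", &ctx);
        fail_after = -1;
        if (rc == AUTH_OK) { free(ctx->key); free(ctx); return clean; }
        if (ctx != NULL) return -1;         /* an error path must not hand back a pointer */
        clean++;
    }
}

int main(void) { printf("failure points handled: %d\n", sweep_alloc_failures()); return 0; }
```

Sweeping every allocation site this way is a cheap regression test for this bug class, since a missing guard shows up as a crash in the test run rather than in the login path.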

Affected Version(s)

pam_usb < 0.9.0

References

CVSS V3.1

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
