CVE-2026-47269

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pamusb's denyremote feature checks utmpx utaddrv6 to detect whether an authentication request originates from a remote session. The outer guard was if utent-utaddrv60 != 0, which only tests the first...

CVE-2026-47270

CVE-2026-47270 affects the pam_usb PAM module used for Linux hardware authentication. The denial logic (deny_remote) uses non-reentrant strtok(), with three functions sharing a global token pointer; in multi-threaded authentication (e.g., long-lived display managers like GDM), two concurrent auth...

PT-2026-44115

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.0 Description This issue occurs in the deny remote feature of the PAM module, which is loaded into host processes such as sudo, login, GDM, and GNOME Shell. In multi-threaded environments like GDM, three functions...

pam_usb 竞争条件问题漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.0 contained a race condition vulnerability. This vulnerability stemmed from the use of non-reentrant functions like strtok, which led to race conditions...