CVE-2026-47271— pam_usb 调试宏移除OOM保护致空指针解引用崩溃
获取后续新漏洞提醒登录后订阅
一、 漏洞 CVE-2026-47271 基础信息
漏洞信息
对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗ 尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
pam_usb: OOM guards removed by -DNDEBUG cause NULL dereference and authentication process crash
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc(), xrealloc(), and xstrdup() using assert(data != NULL). The C standard specifies that all assert() expressions are compiled out when NDEBUG is defined at build time. NDEBUG is commonly defined in release and packaging builds (Debian, Fedora, Arch package flags all define it via -DNDEBUG in CFLAGS). With the guard removed, xmalloc/xrealloc/xstrdup silently return NULL on allocation failure. Every caller in the codebase dereferences the return value without a NULL check -- this is the intended design, as the guard was supposed to abort before the dereference. With the guard gone, any allocation failure causes a NULL pointer dereference, crashing the PAM module. A crash in a PAM module loaded by sudo or login causes authentication to fail for the duration of the crash, creating a local denial-of-service condition. An attacker who can induce memory pressure at authentication time can lock all users out of sudo and login. This vulnerability is fixed in 0.9.0.
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
空指针解引用
来源: 美国国家漏洞数据库 NVD
受影响产品
二、漏洞 CVE-2026-47271 的公开POC
| # | POC 描述 | 源链接 | 神龙链接 |
|---|
AI 生成 POC高级
未找到公开 POC。
登录以生成 AI POC三、漏洞 CVE-2026-47271 的情报信息
请登录查看更多情报信息。
CVE-2026-47271 补丁与修复 (1)
CVE-2026-47271 厂商安全公告 (1)
同批安全公告 · mcdope · 2026-05-27 · 共 15 条
| CVE-2026-44713 | 8.8 HIGH | pam_usb 通过$TMUX环境变量命令注入导致RCE漏洞 |
| CVE-2026-44712 | 8.2 HIGH | pam_usb 通过设备 UUID 和用户名注入 Shell 漏洞 |
| CVE-2026-48064 | 8.1 HIGH | pam_usb PAM_RHOST检查绕过允许XDMCP身份验证绕过 |
| CVE-2026-44711 | 7.9 HIGH | pam_usb 链接攻击绕过认证并导致根目录损坏 |
| CVE-2026-44709 | 7.8 HIGH | pam_usb 环境变量导致任意命令执行漏洞 |
| CVE-2026-47269 | 7.4 HIGH | pam_usb 远程IPv4映射IPv6地址误判漏洞 |
| CVE-2026-47272 | 7.1 HIGH | pam_usb OTP垫认证绕过漏洞 |
| CVE-2026-48065 | 6.7 MEDIUM | pam_usb 32位平台xmalloc前整数乘法未检查导致堆溢出 |
| CVE-2026-47273 | 6.5 MEDIUM | pam_usb PAM标识符XPath注入漏洞 |
| CVE-2026-47274 | 6.3 MEDIUM | pam_usb 路径变量注入导致权限提升漏洞 |
| CVE-2026-47270 | 6.3 MEDIUM | pam_usb多线程环境strtok竞态条件导致deny_remote结果损坏漏洞 |
| CVE-2026-48066 | 5.7 MEDIUM | pam_usb 日志静态指针线程不安全致数据竞争漏洞 |
| CVE-2026-44710 | 4.6 MEDIUM | pam_usb UDisks空指针解引用导致PAM崩溃 |
| CVE-2026-48792 | 4.4 MEDIUM | pam_usb 远程桌面检测绕过漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2026-47271
暂无评论