CVE-2026-48982

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2

Description This software provides hardware authentication for Linux using removable media. A race condition exists when updating a one-time pad file because a temporary file is created using the open() function without the O EXCL flag. This lack of atomicity allows two concurrent processes to open the same file, leading to the second write silently overwriting the first. Since the one-time pad is the primary replay-prevention mechanism, this divergence can cause authentication failures or create a window for pad reuse.

Recommendations Update to version 0.9.2.