CVE Vulnerabilities

CVE-2026-12610

Expired Pointer Dereference

Published: Jun 30, 2026 | Modified: Jun 30, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
6.4 MODERATE
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit.

Weakness

The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.

Affected Software

NameVendorStart VersionEnd Version
SssdFedoraproject- (including)- (including)
Enterprise_linuxRedhat8.0 (including)8.0 (including)
Enterprise_linuxRedhat9.0 (including)9.0 (including)
Enterprise_linuxRedhat10.0 (including)10.0 (including)

Potential Mitigations

References