


Perceptive Security
SOC/SIEM Consultancy

pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRY_FALLBACK_APP environment v…
Published:
26 May 2026 at 22:00:00
Alert date:
27 May 2026 at 22:02:45
Source:
nvd.nist.gov
Operating Systems, Identity & Access
A vulnerability in pam_usb prior to version 0.8.7 allows arbitrary code execution through the PINENTRY_FALLBACK_APP environment variable. The pamusb-pinentry component executes the content of this environment variable without validation, enabling privilege escalation attacks. Any process that can set environment variables before pamusb-pinentry execution can exploit this flaw to run arbitrary binaries with pam_usb privileges. This affects the hardware authentication system for Linux that uses removable media for authentication.
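The flaw class described above, as an added illustration that is not pam_usb's own code and not the upstream fix: a wrapper that trusts `PINENTRY_FALLBACK_APP` as-is, next to one that accepts it only when it exactly matches an allowlisted absolute path. The function names, the allowlist entries and the default path are assumptions made for this sketch; both functions return the path that would be executed rather than executing it.

```shell
#!/bin/sh
# Added illustration; not taken from pam_usb. Paths below are assumed
# install locations chosen for the example.
ALLOWED_PINENTRY="/usr/bin/pinentry /usr/bin/pinentry-curses /usr/bin/pinentry-gtk-2 /usr/bin/pinentry-qt"
DEFAULT_PINENTRY="/usr/bin/pinentry"

# Pattern the advisory describes: whatever the caller's environment
# supplies becomes the program that is run.
unsafe_fallback() {
    printf '%s\n' "${PINENTRY_FALLBACK_APP:-$DEFAULT_PINENTRY}"
}

# Hardened pattern: the variable is honoured only if it is byte-for-byte
# equal to an allowlisted absolute path. Relative names, extra arguments
# and unknown paths all fall back to the fixed default.
safe_fallback() {
    candidate="${PINENTRY_FALLBACK_APP:-}"
    for allowed in $ALLOWED_PINENTRY; do
        if [ "$candidate" = "$allowed" ]; then
            printf '%s\n' "$allowed"
            return 0
        fi
    done
    printf '%s\n' "$DEFAULT_PINENTRY"
}
```

A real wrapper would `exec` the value returned by `safe_fallback`; upgrading to pam_usb 0.8.7 or later remains the fix the advisory names.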
Technical details
Mitigation steps:
Affected products:
pam_usb
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-44709
https://github.com/mcdope/pam_usb/security/advisories/GHSA-jxrj-q67x-wr4c
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.
