[dm-crypt] About CVE-2016-4484: - Cryptsetup Initrd root Shell

Milan Broz gmazyland at gmail.com
Tue Nov 15 13:34:49 CET 2016


Hi all,

just little bit clarification about CVE-2016-4484
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html

This bug is *NOT* cryptsetup/LUKS upstream bug, it is a minor problem in scripts
unlocking an encrypted system.

It allows attacker to drop to initramdisk shell (without decryption of LUKS data).

The scripts are part of Debian cryptsetup package (as an addition to upstream)
or part of dracut package (if dracut is used).

(The info about the problem was embargoed until the talk and only Debian maintainers
were informed in advance.)

Milan


More information about the dm-crypt mailing list