[dm-crypt] About CVE-2016-4484: - Cryptsetup Initrd root Shell

Jonas Meurer jonas at freesources.org
Wed Dec 7 12:37:04 CET 2016

Hi there,

On 15.11.2016 at 13:34, Milan Broz wrote:
> just a little bit of clarification about CVE-2016-4484
> http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
> This bug is *NOT* a cryptsetup/LUKS upstream bug, it is a minor problem in scripts
> unlocking an encrypted system.
> It allows an attacker to drop to an initramdisk shell (without decryption of LUKS data).
> The scripts are part of the Debian cryptsetup package (as an addition to upstream)
> or part of the dracut package (if dracut is used).

I decided to write down my thoughts on CVE-2016-4484 and published them
in a blog post:


Feel free to share your comments, criticism, opinion either in the blog
comments or here on the list.

