36 matches found

Snyk
added 2025/10/28 5:49 p.m. | 1 views

Files or Directories Accessible to External Parties

Overview: Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the secure persistent volume feature. An attacker can access confidential data stored in persistent volumes by providing a crafted LUKS2 volume with a null key-encryption algorithm...

5.2 CVSS | 6.7 AI score
Exploits 0 | References 3

Github Security Blog
added 2025/10/27 4:20 p.m. | 6 views

Constellation has insecure LUKS2 persistent storage partitions which may be opened and used

Summary: A malicious host may provide a crafted LUKS2 volume to a confidential computing guest that is using the OpenCryptDevice feature. The guest will open the volume and write secret data using a volume key known to the attacker. The attacker can also pre-load data on the device, which could...

8.3 CVSS | 6.6 AI score | 0.00005 EPSS
Exploits 0 | References 7 | Affected Software 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-6522

Malware in sbrugna...

7.8 CVSS | 7.7 AI score | 0.00282 EPSS
Exploits 0 | References 11

NVD
added 2025/09/12 1:15 p.m. | 2 views

CVE-2025-59054

dstack is a software development kit (SDK) to simplify the deployment of arbitrary containerized apps into trusted execution environments. In versions of dstack prior to 0.5.4, a malicious host may provide a crafted LUKS2 data volume to a dstack CVM for use as the /data mount. The guest will open t...

8.5 CVSS | 0.00031 EPSS
Exploits 0 | References 5

CVE
added 2025/09/12 1:1 p.m. | 13 views

CVE-2025-59054

CVE-2025-59054 – dstack affects the dstack SDK (pre-0.5.4) used for deploying containerized apps into TEEs. The root cause is unauthenticated LUKS2 volume metadata, enabling a malicious host to craft an LUKS2 data volume mounted as /data in the CVM. This can allow the guest to open the volume an...

8.5 CVSS | 6.5 AI score | 0.00031 EPSS
Exploits 0 | References 5

IBM Security Bulletins
added 2022/06/14 3:48 p.m. | 73 views

Security Bulletin: Netcool Operations Insight v1.6.4 contains fixes for multiple security vulnerabilities.

Summary: Netcool Operations Insight v1.6.4 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details: CVEID: CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the...

9.8 CVSS | 8.1 AI score | 0.06454 EPSS
Exploits 2 | Affected Software 1

OpenVAS
added 2022/02/17 12:0 a.m. | 19 views

Debian: Security Advisory (DSA-5070-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS | 5.3 AI score | 0.00105 EPSS
Exploits 0 | References 4

OpenVAS
added 2022/02/16 12:0 a.m. | 19 views

Ubuntu: Security Advisory (USN-5286-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS | 5.3 AI score | 0.00105 EPSS
Exploits 0 | References 2

Ubuntu
added 2022/02/15 3:20 p.m. | 130 views

USN-5286-1: cryptsetup vulnerability

Milan Broz discovered that cryptsetup incorrectly handled LUKS2 reencryption recovery. An attacker with physical access to modify the encrypted device header may trigger the device to be unencrypted the next time it is mounted by the user. On Ubuntu 20.04 LTS, this issue was fixed by disabling th...

4.3 CVSS | 7 AI score | 0.00105 EPSS
Exploits 0

Debian
added 2022/02/10 7:33 p.m. | 52 views

[SECURITY] [DSA 5070-1] cryptsetup security update

Debian Security Advisory DSA-5070-1 [email protected] https://www.debian.org/security/ Yves-Alexis Perez February 10, 2022 https://www.debian.org/security/faq ...

4.3 CVSS | 5.1 AI score | 0.00105 EPSS
Exploits 0

Tenable Nessus
added 2022/02/09 12:0 a.m. | 26 views

AlmaLinux 8 : cryptsetup (ALSA-2020:4542)

"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:4542 advisory. - A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every...

7.8 CVSS | 7.6 AI score | 0.00282 EPSS
Exploits 0 | References 2

Redos
added 2022/02/01 12:0 a.m. | 5 views

ROS-20220125-20

Cryptsetup package vulnerability is related to modification of metadata to disable encryption in partitions in the LUKS2 (Linux Unified Key Setup) format. Exploitation of the vulnerability could allow an attacker to force a user to permanently disable the encryption layer of this media. a user to...

4.3 CVSS | 6.6 AI score | 0.00105 EPSS
Exploits 0

OpenVAS
added 2022/01/21 12:0 a.m. | 16 views

SUSE: Security Advisory (SUSE-SU-2022:0144-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS | 5.3 AI score | 0.00105 EPSS
Exploits 0 | References 2

OSV
added 2022/01/20 3:38 p.m. | 9 views

SUSE-SU-2022:0144-1 Security update for cryptsetup

This update for cryptsetup fixes the following issues: - CVE-2021-4122: Fixed possible attacks against data confidentiality through LUKS2 online reencryption extension crash recovery bsc1194469...

4.3 CVSS | 4.7 AI score | 0.00105 EPSS
Exploits 0 | References 3

OpenVAS
added 2021/03/12 12:0 a.m. | 16 views

Huawei EulerOS: Security Advisory for cryptsetup (EulerOS-SA-2021-1594)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.7 AI score | 0.00282 EPSS
Exploits 0 | References 2

OpenVAS
added 2021/03/12 12:0 a.m. | 17 views

Huawei EulerOS: Security Advisory for cryptsetup (EulerOS-SA-2021-1656)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 7.7 AI score | 0.00282 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2021/03/11 12:0 a.m. | 27 views

EulerOS Virtualization 2.9.0 : cryptsetup (EulerOS-SA-2021-1656)

According to the version of the cryptsetup packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is...

7.8 CVSS | 7.4 AI score | 0.00282 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2021/03/10 12:0 a.m. | 28 views

NewStart CGSL MAIN 6.02 : cryptsetup Vulnerability (NS-SA-2021-0087)

"The remote NewStart CGSL host, running version MAIN 6.02, has cryptsetup packages installed that are affected by a vulnerability: - A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is effectively invoked on every device/ima...

7.8 CVSS | 7.6 AI score | 0.00282 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2021/03/10 12:0 a.m. | 23 views

EulerOS Virtualization 2.9.1 : cryptsetup (EulerOS-SA-2021-1594)

According to the version of the cryptsetup package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format validation code, that is...

7.8 CVSS | 7.4 AI score | 0.00282 EPSS
Exploits 0 | References 2

Pen Test Partners Blog
added 2020/12/22 7:33 a.m. | 181 views

How to make a software BTRFS RAID1 with LUKS2 FDE

The guide below is simplified in a way that preparing the boot partition is not covered. Software based btrfs RAID1 requires two devices, which conceptually don't even need to be on different disks. But for obvious reasons, it's a good idea if they are… Having mirroring against encrypted storage...

6.8 AI score
Exploits 0