2 matches found
Constellation has insecure LUKS2 persistent storage partitions which may be opened and used
Summary A malicious host may provide a crafted LUKS2 volume to a confidential computing guest that is using the OpenCryptDevice feature. The guest will open the volume and write secret data using a volume key known to the attacker. The attacker can also pre-load data on the device, which could...
CVE-2025-59054
CVE-2025-59054 – dstack affects the dstack SDK (pre-0.5.4) used for deploying containerized apps into TEEs. The root cause is un authenticated LUKS2 volume metadata, enabling a malicious host to craft an LUKS2 data volume mounted as /data in the CVM. This can allow the guest to open the volume an...