Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.
CVSS Information
N/A
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
cryptsetup 数据伪造问题漏洞
Vulnerability Description
Cryptsetup是是一个实用程序,用于基于DMCrypt内核模块方便地设置磁盘加密。 cryptsetup 存在安全漏洞,该漏洞源于软件对于数据真实性缺乏有效的验证。一个特别制作的LUKS头可以欺骗cryptsetup在设备恢复期间禁用加密。物理访问介质(如闪存盘)的攻击者可以利用这个漏洞迫使用户永久禁用该介质的加密层。
CVSS Information
N/A
Vulnerability Type
N/A