Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
dstack has insecure LUKS2 persistent storage partitions that may be opened and used
Vulnerability Description
dstack is a software development kit (SDK) to simplify the deployment of arbitrary containerized apps into trusted execution environments. In versions of dstack prior to 0.5.4, a malicious host may provide a crafted LUKS2 data volume to a dstack CVM for use as the `/data` mount. The guest will open the volume and write secret data using a volume key known to the attacker, causing disclosure of Wireguard keys and other secret information. The attacker can also pre-load data on the device, which could potentially compromise guest execution. LUKS2 volume metadata is not authenticated and supports null key-encryption algorithms, allowing an attacker to create a volume such that the volume opens (cryptsetup open) without error using any passphrase or token, records all writes in plaintext (or ciphertext with an attacker-known key), and/or contains arbitrary data chosen by the attacker. Version 0.5.4 of dstack contains a patch that addresses LUKS headers.
CVSS Information
N/A
Vulnerability Type
对外部实体的文件或目录可访问
Vulnerability Title
dstack 安全漏洞
Vulnerability Description
dstack是Dstack TEE开源的一个TEE部署工具。 dstack 0.5.4之前版本存在安全漏洞,该漏洞源于恶意主机可能提供特制LUKS2数据卷,导致Wireguard密钥和其他秘密信息泄露,并可能破坏客户机执行。
CVSS Information
N/A
Vulnerability Type
N/A