When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once, resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file, allowing trivial recovery of the master key.
References
Link | Resource |
---|---|
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:01.geli.asc | Mitigation Patch Vendor Advisory |
History
07 Nov 2023, 04:01
Type | Values Removed | Values Added |
---|---|---|
Summary | When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key. |
16 Feb 2023, 22:21
Type | Values Removed | Values Added |
---|---|---|
First Time | | Freebsd freebsd; Freebsd |
References | | (MISC) https://security.FreeBSD.org/advisories/FreeBSD-SA-23:01.geli.asc - Mitigation, Patch, Vendor Advisory |
CPE | cpe:2.3:o:freebsd:freebsd:13.1:b1-p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.1:p5:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.1:rc1-p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.1:b2-p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.1:-:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.1:p3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.4:rc2-p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.3:p3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.4:rc2-p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.3:p5:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.1:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.3:p4:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.4:-:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.3:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.1:p4:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.3:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.1:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:12.3:-:*:*:*:*:*:* |
|
CVSS | v2 : v3 : | v2 : unknown, v3 : 6.5 |
CWE | NVD-CWE-noinfo |
08 Feb 2023, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-08 20:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-0751
Mitre link : CVE-2023-0751
CVE.ORG link : CVE-2023-0751
Products Affected
freebsd
- freebsd