CVE-2016-6224 — Sensitive Information Exposure in Ecryptfs-utils

CWE-200 — Sensitive Information Exposure CWE-20 — Improper Input Validation8 documents7 sources

Severity

3.3LOWNVD

EPSS

0.1%

top 82.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ecryptfs Ecryptfs-utils Canonical Ubuntu Linux Debian Ecryptfs-utils

Timeline

PublishedJul 22

Latest updateMay 17

Description

ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages3 packages

▶Ubuntuecryptfs/ecryptfs-utils< 111-0ubuntu1.1

▶NVDecryptfs/ecryptfs-utils110

▶debiandebian/ecryptfs-utils

Also affects: Ubuntu Linux 14.04, 15.10

🔴Vulnerability Details

GHSA

GHSA-q38r-hcf4-gx69: ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe↗2022-05-17

▶

OSV

CVE-2016-6224: ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe↗2016-07-22

▶

📋Vendor Advisories

Ubuntu

eCryptfs vulnerability↗2016-07-14

▶

Red Hat

ecryptfs-utils: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive↗2016-07-06

▶

Debian

CVE-2016-6224: ecryptfs-utils - ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition ...↗2016

▶

💬Community

Bugzilla

CVE-2016-6224 ecryptfs-utils: ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive↗2016-07-15

▶

Bugzilla

CVE-2015-8946 CVE-2016-6224 ecryptfs-utils: various flaws [fedora-all]↗2016-07-15

▶