CVE-2023-0751

Name of the Vulnerable Software and Affected Versions GELI (affected versions not specified)

Description The issue arises when GELI reads a key file from standard input and does not reuse it to initialize multiple providers simultaneously. As a result, subsequent devices use a NULL key as the user key file. If a user relies solely on a key file without a user passphrase, the master key is encrypted with an empty key file, allowing for trivial recovery of the master key.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.