Title: Linux Kernel dm-crypt crypt_config Structure Cryptographic Key Local Disclosure
Jan 04, 2006
The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because 'dm-crypt' does not zero out the 'struct crypt_config' structure before it is freed, potentially leaking cryptographic key information, resulting in a loss of confidentiality.
Local Access Required
Loss of Confidentiality
Upgrade to version 2.6.16-rc1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.