CVE-2016-6224

low

Description

ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946.

References

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K5WWCVHDLRLZTYMXEIONYFHLYAXXLJW3/

https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1447282

https://bugs.launchpad.net/ecryptfs/+bug/1597154

https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882

http://www.ubuntu.com/usn/USN-3032-1

http://www.openwall.com/lists/oss-security/2016/07/14/3

http://www.openwall.com/lists/oss-security/2016/07/13/2

Details

Source: Mitre, NVD

Published: 2016-07-22

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 3.3

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Severity: Low