FreeBSD: VID-3fcab88b-47bc-11ee-8e38-002590c1f29c (CVE-2023-0751): FreeBSD -- GELI silently omits the keyfile if read from stdin
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:C/I:N/A:N) | Aug 31, 2023 | Aug 31, 2023 | Dec 10, 2025 |
Description
Problem Description: When GELI reads a key file from standard input, it does not store it anywhere. If the user tries to initialize multiple providers at once, the standard input stream will already be empty for the second and subsequent devices. In this case, GELI silently uses a NULL key as the user key file. If the user used only a key file without a user passphrase, the master key was encrypted with an empty key file. This might not be noticed if the devices were also decrypted in a batch operation.

Impact: Some GELI providers might be silently encrypted with a NULL key file.
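The failure mode described above, as an added example that is not GELI source code or the FreeBSD patch: a simplified C model in which a key file is read from a stream once per provider, beside a variant that reads it once, refuses an empty key file, and reuses the bytes. The function names, the three-provider batch and the 24-byte sample key are constructed for illustration.

```c
#include <stdio.h>

#define MAXKEY 4096
#define NPROV 3 /* hypothetical batch of three providers */

/* Read whatever is left on the stream; return the byte count. */
static size_t read_keyfile(FILE *in, unsigned char *buf, size_t cap) {
    size_t n = 0, r;
    while (n < cap && (r = fread(buf + n, 1, cap - n, in)) > 0)
        n += r;
    return n;
}

/* Constructed stand-in for stdin: a temp file holding the sample data. */
static FILE *sample_stream(const char *data) {
    FILE *f = tmpfile();
    if (f != NULL) { fputs(data, f); rewind(f); }
    return f;
}

/* Flawed pattern: the stream is re-read for every provider and a
 * zero-length key file is accepted without any error. */
size_t flawed_keylen(int idx) {
    unsigned char buf[MAXKEY];
    size_t klen[NPROV] = {0};
    FILE *in = sample_stream("constructed-key-material");
    if (in == NULL) return (size_t)-1;
    for (int i = 0; i < NPROV; i++)
        klen[i] = read_keyfile(in, buf, sizeof(buf));
    fclose(in);
    return klen[idx]; /* key-file bytes that provider idx was given */
}

/* Hardened pattern: read once, fail loudly on empty input, reuse. */
long cached_keylen(const char *data, int idx) {
    unsigned char buf[MAXKEY];
    size_t klen[NPROV] = {0};
    FILE *in = sample_stream(data);
    if (in == NULL) return -2;
    size_t n = read_keyfile(in, buf, sizeof(buf));
    fclose(in);
    if (n == 0) return -1; /* refuse an empty key file */
    for (int i = 0; i < NPROV; i++) klen[i] = n;
    return (long)klen[idx];
}

int main(void) {
    for (int i = 0; i < NPROV; i++)
        printf("provider %d: flawed=%zu cached=%ld\n", i, flawed_keylen(i),
               cached_keylen("constructed-key-material", i));
    return 0;
}
```

In the flawed path only the first provider receives key material; the rest receive zero bytes and no error is raised, which is why the condition can go unnoticed.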
Solutions
- freebsd-upgrade-base-13_1-release-p6
- freebsd-upgrade-base-12_4-release-p1
- freebsd-upgrade-base-12_3-release-p11