91
New Linux Security Flaw Uses Initramfs to Inject Malware (www.omgubuntu.co.uk)
submitted 5 days ago by cm0002@programming.dev to c/linux@programming.dev
24 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] just_another_person@lemmy.world 2 points 5 days ago

How are you going to boot something that's encrypted without input to unlock it?

N

[-] fmstrat@lemmy.nowsci.com 5 points 5 days ago* (last edited 5 days ago)

You always "boot something that is unencrypted." You then "mount" the encrypted volumes and load the OS.

This is how people can put an SSH server (dropbear) in initramfs so they can unlock remotely.

The attack is to initramfs, not the encrypted layer.

The order'ish:

  • Boot
  • Initramfs loads, gives you the LUKS prompt
  • Initramfs decrypts/mounts OS
  • OS loads
[-] just_another_person@lemmy.world 1 points 5 days ago

I'm well aware. You're proving my point at mount.

[-] fmstrat@lemmy.nowsci.com 3 points 4 days ago

But.. your original comment is just.. wrong?

This isn't a critical security flaw unless you have the worst partition scheme on your encrypted volumes imaginable.

The default LUKS partition scheme is vulnerable.

It's not even a process flaw at that point, just "possible".

There is a successful POC, it is a flaw.

you can compromise disks once encrypted because everything is happening in an in-memory boot process.

This is not just in-memory. This is modifying the unencrypted part of initramfs on disk. Powering off the machine does not remove the exploit.

this post was submitted on 07 Jul 2025
91 points (100.0% liked)

Linux

8394 readers
385 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev