91
New Linux Security Flaw Uses Initramfs to Inject Malware (www.omgubuntu.co.uk)
submitted 3 weeks ago by cm0002@programming.dev to c/linux@programming.dev
24 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] fmstrat@lemmy.nowsci.com 3 points 3 weeks ago

But.. your original comment is just.. wrong?

This isn't a critical security flaw unless you have the worst partition scheme on your encrypted volumes imaginable.

The default LUKS partition scheme is vulnerable.

It's not even a process flaw at that point, just "possible".

There is a successful POC, it is a flaw.

you can compromise disks once encrypted because everything is happening in an in-memory boot process.

This is not just in-memory. This is modifying the unencrypted part of initramfs on disk. Powering off the machine does not remove the exploit.

this post was submitted on 07 Jul 2025
91 points (100.0% liked)

Linux

8676 readers
226 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev