Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0751

When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key.

Published

2023-02-08T20:15:24.377

Last Modified

2025-03-25T14:15:20.480

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-20
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	freebsd	freebsd	12.3	Yes
Operating System	freebsd	freebsd	12.3	Yes
Operating System	freebsd	freebsd	12.3	Yes
Operating System	freebsd	freebsd	12.3	Yes
Operating System	freebsd	freebsd	12.3	Yes
Operating System	freebsd	freebsd	12.3	Yes
Operating System	freebsd	freebsd	12.4	Yes
Operating System	freebsd	freebsd	12.4	Yes
Operating System	freebsd	freebsd	12.4	Yes
Operating System	freebsd	freebsd	13.1	Yes
Operating System	freebsd	freebsd	13.1	Yes
Operating System	freebsd	freebsd	13.1	Yes
Operating System	freebsd	freebsd	13.1	Yes
Operating System	freebsd	freebsd	13.1	Yes
Operating System	freebsd	freebsd	13.1	Yes
Operating System	freebsd	freebsd	13.1	Yes
Operating System	freebsd	freebsd	13.1	Yes
Operating System	freebsd	freebsd	13.1	Yes

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-23:01.geli.asc Mitigation, Patch, Vendor Advisory ([email protected])
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:01.geli.asc Mitigation, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230316-0004/ (af854a3a-2127-422b-91ae-364da2661108)