CVE-2023-0751

Published: Feb 8, 2023

Modified: Mar 25, 2025

PUBLISHED

Description

When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key.

Vendor	Product	Versions
FreeBSD	FreeBSD	affected `13.1-RELEASE - < 13.1-RELEASE-p6` affected `12.4-RELEASE - < 12.4-RELEASE-p1` affected `12.3-RELEASE - < 12.3-RELEASE-p11`

Weaknesses (CWE)

CWE-20

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-23:01.geli.asc

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-0751

Description

Affected Products

Weaknesses (CWE)

References