The Chonkerton

Since Linux 6.9, LUKS suspend stopped wiping disk-encryption keys from memory

A security regression in Linux kernel 6.9 has broken a critical safeguard in LUKS, the full-disk encryption system. When a machine suspends, LUKS is designed to erase encryption keys from memory, preventing attackers from dumping RAM and stealing them. In kernel 6.9, that key wipe stopped working, leaving disk-encryption keys exposed. The discovery was noted on Hacker News, and it affects Linux users running LUKS-encrypted systems. This is a regression from prior kernels, which would cleanly erase the keys before the machine went to sleep.

Source: https://mathstodon.xyz/@iblech/116769502749142438
