Total vulnerabilities in the database
When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key.
| Software | From | Fixed in |
|---|---|---|
| freebsd / freebsd | 12.4-rc2-p2 | 12.4-rc2-p2.x |
| freebsd / freebsd | 12.4-rc2-p1 | 12.4-rc2-p1.x |
| freebsd / freebsd | 13.1-b1-p1 | 13.1-b1-p1.x |
| freebsd / freebsd | 13.1-b2-p2 | 13.1-b2-p2.x |
| freebsd / freebsd | 13.1-rc1-p1 | 13.1-rc1-p1.x |
| freebsd / freebsd | 13.1-p1 | 13.1-p1.x |
| freebsd / freebsd | 13.1-p2 | 13.1-p2.x |
| freebsd / freebsd | 13.1-p3 | 13.1-p3.x |
| freebsd / freebsd | 13.1-p4 | 13.1-p4.x |
| freebsd / freebsd | 13.1-p5 | 13.1-p5.x |
| freebsd / freebsd | 12.3-p1 | 12.3-p1.x |
| freebsd / freebsd | 12.3-p2 | 12.3-p2.x |
| freebsd / freebsd | 12.3-p3 | 12.3-p3.x |
| freebsd / freebsd | 12.3-p4 | 12.3-p4.x |
| freebsd / freebsd | 12.3-p5 | 12.3-p5.x |
| freebsd / freebsd | 13.1 | 13.1.x |
| freebsd / freebsd | 12.4 | 12.4.x |
| freebsd / freebsd | 12.3 | 12.3.x |